|
|
|
@ -66,24 +66,39 @@
|
|
|
|
|
},
|
|
|
|
|
"filters": [
|
|
|
|
|
{
|
|
|
|
|
"name": "URLBasedCachePreventionFilter",
|
|
|
|
|
"class": "org.wso2.carbon.ui.filters.cache.URLBasedCachePreventionFilter"
|
|
|
|
|
"name": "ContentTypeBasedCachePreventionFilter",
|
|
|
|
|
"class": "org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter",
|
|
|
|
|
"params" : [
|
|
|
|
|
{"name" : "patterns", "value" : "text/html\" ,application/json\" ,text/plain"},
|
|
|
|
|
{"name" : "filterAction", "value" : "enforce"},
|
|
|
|
|
{"name" : "httpHeaders", "value" : "Cache-Control: no-store, no-cache, must-revalidate, private"}
|
|
|
|
|
]
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"name":"HttpHeaderSecurityFilter",
|
|
|
|
|
"class":"org.apache.catalina.filters.HttpHeaderSecurityFilter",
|
|
|
|
|
"params" : [{"name" : "hstsEnabled", "value" : "false"}]
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"name" : "CSRFGuard",
|
|
|
|
|
"class" : "org.owasp.csrfguard.CsrfGuardFilter"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
],
|
|
|
|
|
"filterMappings": [
|
|
|
|
|
{
|
|
|
|
|
"name": "URLBasedCachePreventionFilter",
|
|
|
|
|
"url": "/api/*"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"name":"HttpHeaderSecurityFilter",
|
|
|
|
|
"url":"*"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"name" : "CSRFGuard",
|
|
|
|
|
"url" : "/*"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"name":"ContentTypeBasedCachePreventionFilter",
|
|
|
|
|
"url":"*"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
],
|
|
|
|
|
"listeners" : [
|
|
|
|
|
{
|
|
|
|
@ -108,7 +123,7 @@
|
|
|
|
|
"contextParams" : [
|
|
|
|
|
{
|
|
|
|
|
"name" : "Owasp.CsrfGuard.Config",
|
|
|
|
|
"value" : "/repository/conf/security/Owasp.CsrfGuard.dashboard.properties"
|
|
|
|
|
"value" : "repository/conf/security/Owasp.CsrfGuard.dashboard.properties"
|
|
|
|
|
}
|
|
|
|
|
]
|
|
|
|
|
}
|