Added security filters to jaggery.conf

8 years ago · 4fbab80782
parent 810bd1d2ad
commit 4fbab80782
1 changed files with 22 additions and 7 deletions
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/jaggery.conf
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/jaggery.conf
@ -66,24 +66,39 @@
    },
  "filters": [
    {
-      "name": "URLBasedCachePreventionFilter",
-      "class": "org.wso2.carbon.ui.filters.cache.URLBasedCachePreventionFilter"
+            "name": "ContentTypeBasedCachePreventionFilter",
+            "class": "org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter",
+            "params" : [
+                {"name" : "patterns", "value" : "text/html\" ,application/json\" ,text/plain"},
+                {"name" : "filterAction", "value" : "enforce"},
+                {"name" : "httpHeaders", "value" : "Cache-Control: no-store, no-cache, must-revalidate, private"}
+            ]
    },
    {
      "name":"HttpHeaderSecurityFilter",
      "class":"org.apache.catalina.filters.HttpHeaderSecurityFilter",
      "params" : [{"name" : "hstsEnabled", "value" : "false"}]
+    },
+    {
+        "name" : "CSRFGuard",
+        "class" : "org.owasp.csrfguard.CsrfGuardFilter"
    }
+
  ],
  "filterMappings": [
-    {
-      "name": "URLBasedCachePreventionFilter",
-      "url": "/api/*"
-    },
    {
      "name":"HttpHeaderSecurityFilter",
       "url":"*"
+    },
+    {
+        "name" : "CSRFGuard",
+        "url" : "/*"
+    },
+    {
+        "name":"ContentTypeBasedCachePreventionFilter",
+        "url":"*"
    }
+
  ],
  "listeners" : [
      {
@ -108,7 +123,7 @@
    "contextParams" : [
      {
        "name" : "Owasp.CsrfGuard.Config",
-        "value" : "/repository/conf/security/Owasp.CsrfGuard.dashboard.properties"
+        "value" : "repository/conf/security/Owasp.CsrfGuard.dashboard.properties"
      }
    ]
 }