diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/jaggery.conf b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/jaggery.conf index 832c1ab252..fd500822e0 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/jaggery.conf +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/jaggery.conf @@ -66,24 +66,39 @@ }, "filters": [ { - "name": "URLBasedCachePreventionFilter", - "class": "org.wso2.carbon.ui.filters.cache.URLBasedCachePreventionFilter" + "name": "ContentTypeBasedCachePreventionFilter", + "class": "org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter", + "params" : [ + {"name" : "patterns", "value" : "text/html\" ,application/json\" ,text/plain"}, + {"name" : "filterAction", "value" : "enforce"}, + {"name" : "httpHeaders", "value" : "Cache-Control: no-store, no-cache, must-revalidate, private"} + ] }, { "name":"HttpHeaderSecurityFilter", "class":"org.apache.catalina.filters.HttpHeaderSecurityFilter", "params" : [{"name" : "hstsEnabled", "value" : "false"}] + }, + { + "name" : "CSRFGuard", + "class" : "org.owasp.csrfguard.CsrfGuardFilter" } + ], "filterMappings": [ - { - "name": "URLBasedCachePreventionFilter", - "url": "/api/*" - }, { "name":"HttpHeaderSecurityFilter", "url":"*" + }, + { + "name" : "CSRFGuard", + "url" : "/*" + }, + { + "name":"ContentTypeBasedCachePreventionFilter", + "url":"*" } + ], "listeners" : [ { @@ -108,7 +123,7 @@ "contextParams" : [ { "name" : "Owasp.CsrfGuard.Config", - "value" : "/repository/conf/security/Owasp.CsrfGuard.dashboard.properties" + "value" : "repository/conf/security/Owasp.CsrfGuard.dashboard.properties" } ] } \ No newline at end of file