From df7d612176dc223cda3c18a8aa44c01490331d04 Mon Sep 17 00:00:00 2001
From: Chatura Dilan
Date: Wed, 18 Jan 2017 12:59:45 +0530
Subject: [PATCH 1/2] Added Owasp security configurations
---
 .../conf/security/Owasp.CsrfGuard.Carbon.properties | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/modules/core/distribution/src/repository/conf/security/Owasp.CsrfGuard.Carbon.properties b/modules/core/distribution/src/repository/conf/security/Owasp.CsrfGuard.Carbon.properties
index bf300027..408d7dfd 100644
--- a/modules/core/distribution/src/repository/conf/security/Owasp.CsrfGuard.Carbon.properties
+++ b/modules/core/distribution/src/repository/conf/security/Owasp.CsrfGuard.Carbon.properties
@@ -465,6 +465,11 @@ org.owasp.csrfguard.unprotected.dcrRestApi=%servletContext%/dynamic-client-web/*
 org.owasp.csrfguard.unprotected.deviceMgtSSOAcs=%servletContext%/devicemgt/uuf/sso/acs
 org.owasp.csrfguard.unprotected.deviceMgtAcs=%servletContext%/uuf/sso/acs
 org.owasp.csrfguard.unprotected.deviceMgtApi=%servletContext%/devicemgt/api/invoker/execute/*
+org.owasp.csrfguard.unprotected.storeEventPublisher=%servletContext%/store/apis/eventpublish/*
+org.owasp.csrfguard.unprotected.publisherAcs=%servletContext%/publisher/acs
+org.owasp.csrfguard.unprotected.storeAcs=%servletContext%/store/acs
+org.owasp.csrfguard.unprotected.apiStoreAcs=%servletContext%/api-store/acs
+org.owasp.csrfguard.unprotected.portalAcs=%servletContext%/portal/acs
 #carbon
 org.owasp.csrfguard.unprotected.Services=%servletContext%/services/*
From 6c02e9f947ba8ecb5159e7e3420a72cf099ee70f Mon Sep 17 00:00:00 2001
From: Chatura Dilan
Date: Wed, 18 Jan 2017 13:01:45 +0530
Subject: [PATCH 2/2] Added Owasp security configurations
---
 .../repository/conf/security/Owasp.CsrfGuard.Carbon.properties | 2 ++
 1 file changed, 2 insertions(+)
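Review bot: The `storeEventPublisher` entry exempts everything under `/store/apis/eventpublish/*` from CSRFGuard token checks, which is wider than the exact-path `acs` entries added beside it, and nothing in the hunk says what protects those requests instead. If that API accepts state-changing requests on a browser session, it needs its own control (an Origin/Referer check or a required custom header) or a narrower pattern limited to the paths that cannot carry a token. The four `acs` paths here and `socialAcs` in PATCH 2/2 look like SSO assertion-consumer endpoints that an identity provider posts to cross-site, which would justify the exemption, but that is inferred from the names and the neighbouring `deviceMgtSSOAcs` line. A comment above the group would record the reason for the next audit of this list, e.g. `# SSO ACS endpoints: POSTed cross-site by the IdP, so no CSRF token is possible; authenticity relies on assertion validation`.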
diff --git a/modules/core/distribution/src/repository/conf/security/Owasp.CsrfGuard.Carbon.properties b/modules/core/distribution/src/repository/conf/security/Owasp.CsrfGuard.Carbon.properties
index 408d7dfd..44ec06da 100644
--- a/modules/core/distribution/src/repository/conf/security/Owasp.CsrfGuard.Carbon.properties
+++ b/modules/core/distribution/src/repository/conf/security/Owasp.CsrfGuard.Carbon.properties
@@ -470,6 +470,8 @@ org.owasp.csrfguard.unprotected.publisherAcs=%servletContext%/publisher/acs
 org.owasp.csrfguard.unprotected.storeAcs=%servletContext%/store/acs
 org.owasp.csrfguard.unprotected.apiStoreAcs=%servletContext%/api-store/acs
 org.owasp.csrfguard.unprotected.portalAcs=%servletContext%/portal/acs
+org.owasp.csrfguard.unprotected.socialAcs=%servletContext%/social/acs
+
 #carbon
 org.owasp.csrfguard.unprotected.Services=%servletContext%/services/*