|
|
@ -55,5 +55,52 @@
|
|
|
|
"url": "/api/operation/*",
|
|
|
|
"url": "/api/operation/*",
|
|
|
|
"path": "/api/operation-api.jag"
|
|
|
|
"path": "/api/operation-api.jag"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
],
|
|
|
|
|
|
|
|
"filters": [
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
"name": "URLBasedCachePreventionFilter",
|
|
|
|
|
|
|
|
"class": "org.wso2.carbon.ui.filters.cache.URLBasedCachePreventionFilter"
|
|
|
|
|
|
|
|
},
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
"name":"HttpHeaderSecurityFilter",
|
|
|
|
|
|
|
|
"class":"org.apache.catalina.filters.HttpHeaderSecurityFilter",
|
|
|
|
|
|
|
|
"params" : [{"name" : "hstsEnabled", "value" : "false"}]
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
],
|
|
|
|
|
|
|
|
"filterMappings": [
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
"name": "URLBasedCachePreventionFilter",
|
|
|
|
|
|
|
|
"url": "/api/*"
|
|
|
|
|
|
|
|
},
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
"name":"HttpHeaderSecurityFilter",
|
|
|
|
|
|
|
|
"url":"*"
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
],
|
|
|
|
|
|
|
|
"listeners" : [
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
"class" : "org.owasp.csrfguard.CsrfGuardServletContextListener"
|
|
|
|
|
|
|
|
},
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
"class" : "org.owasp.csrfguard.CsrfGuardHttpSessionListener"
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
],
|
|
|
|
|
|
|
|
"servlets" : [
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
"name" : "JavaScriptServlet",
|
|
|
|
|
|
|
|
"class" : "org.owasp.csrfguard.servlet.JavaScriptServlet"
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
],
|
|
|
|
|
|
|
|
"servletMappings" : [
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
"name" : "JavaScriptServlet",
|
|
|
|
|
|
|
|
"url" : "/csrf.js"
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
],
|
|
|
|
|
|
|
|
"contextParams" : [
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
"name" : "Owasp.CsrfGuard.Config",
|
|
|
|
|
|
|
|
"value" : "/repository/conf/security/Owasp.CsrfGuard.Carbon.properties"
|
|
|
|
|
|
|
|
}
|
|
|
|
]
|
|
|
|
]
|
|
|
|
}
|
|
|
|
}
|