From b4eb86e985f95c20e30af7a95102b9aea6ae28ef Mon Sep 17 00:00:00 2001 From: Harshan Liyanage Date: Tue, 6 Dec 2016 11:54:31 +0530 Subject: [PATCH] Added security filters to devicemgt jaggery app --- .../jaggeryapps/devicemgt/jaggery.conf | 49 ++++++++++++++++++- 1 file changed, 48 insertions(+), 1 deletion(-) diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/jaggery.conf b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/jaggery.conf index dec7a25f8c..76bfb37095 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/jaggery.conf +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/jaggery.conf @@ -55,5 +55,52 @@ "url": "/api/operation/*", "path": "/api/operation-api.jag" } - ] + ], + "filters": [ + { + "name": "URLBasedCachePreventionFilter", + "class": "org.wso2.carbon.ui.filters.cache.URLBasedCachePreventionFilter" + }, + { + "name":"HttpHeaderSecurityFilter", + "class":"org.apache.catalina.filters.HttpHeaderSecurityFilter", + "params" : [{"name" : "hstsEnabled", "value" : "false"}] + } + ], + "filterMappings": [ + { + "name": "URLBasedCachePreventionFilter", + "url": "/api/*" + }, + { + "name":"HttpHeaderSecurityFilter", + "url":"*" + } + ], + "listeners" : [ + { + "class" : "org.owasp.csrfguard.CsrfGuardServletContextListener" + }, + { + "class" : "org.owasp.csrfguard.CsrfGuardHttpSessionListener" + } + ], + "servlets" : [ + { + "name" : "JavaScriptServlet", + "class" : "org.owasp.csrfguard.servlet.JavaScriptServlet" + } + ], + "servletMappings" : [ + { + "name" : "JavaScriptServlet", + "url" : "/csrf.js" + } + ], + "contextParams" : [ + { + "name" : "Owasp.CsrfGuard.Config", + "value" : "/repository/conf/security/Owasp.CsrfGuard.Carbon.properties" + } + ] } \ No newline at end of file