[UI] Prevent UI from XSS

Prevent UI from XSS (Cross-site-scripting)
attacks.

JIRA: VAL-56

Signed-off-by: Ioakeim Samaras <ioakeim.samaras@ericsson.com>
Change-Id: Iab877852f0f4c35e36a23c2cae301dffd3d57827

diff --git a/ui/CHANGELOG.md b/ui/CHANGELOG.md
index 50d234a..de1afb2 100644 (file)
--- a/ui/CHANGELOG.md
+++ b/ui/CHANGELOG.md
@@ -190,3 +190,11 @@ All notable changes to this project will be documented in this file.
 - Password of users that try to login is taken into account
 
 ### Removed
+
+## [0.3.4-SNAPSHOT] - 26 September 2019
+### Added
+- Prevent XSS attacks
+
+### Changed
+
+### Removed

diff --git a/ui/pom.xml b/ui/pom.xml
index 614d2ff..870b3a1 100644 (file)
--- a/ui/pom.xml
+++ b/ui/pom.xml
@@ -14,7 +14,7 @@
 
     <groupId>org.akraino.validation</groupId>
     <artifactId>ui</artifactId>
-    <version>0.3.3-SNAPSHOT</version>
+    <version>0.3.4-SNAPSHOT</version>
     <name>Bluval UI Maven Webapp</name>
     <packaging>war</packaging>
 

diff --git a/ui/src/main/webapp/WEB-INF/web.xml b/ui/src/main/webapp/WEB-INF/web.xml
index 6fd8b99..e65accc 100644 (file)
--- a/ui/src/main/webapp/WEB-INF/web.xml
+++ b/ui/src/main/webapp/WEB-INF/web.xml
@@ -20,6 +20,10 @@
     <session-config>
         <session-timeout>30</session-timeout>
         <tracking-mode>COOKIE</tracking-mode>
+        <cookie-config>
+            <http-only>true</http-only>
+            <secure>true</secure>
+        </cookie-config>
     </session-config>
     <filter>
         <filter-name>SecurityXssFilter</filter-name>