Code Review / validation.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
[UI] Prevent UI from XSS
[validation.git] / ui / src / main / webapp / WEB-INF / web.xml
diff --git a/ui/src/main/webapp/WEB-INF/web.xml b/ui/src/main/webapp/WEB-INF/web.xml
index 6fd8b99..e65accc 100644 (file)
--- a/ui/src/main/webapp/WEB-INF/web.xml
+++ b/ui/src/main/webapp/WEB-INF/web.xml
@@ -20,6 +20,10 @@
     <session-config>
         <session-timeout>30</session-timeout>
         <tracking-mode>COOKIE</tracking-mode>
+        <cookie-config>
+            <http-only>true</http-only>
+            <secure>true</secure>
+        </cookie-config>
     </session-config>
     <filter>
         <filter-name>SecurityXssFilter</filter-name>