From 1459ff63baba295768ad703b2699fbfc509f7b34 Mon Sep 17 00:00:00 2001
From: Ioakeim Samaras <ioakeim.samaras@ericsson.com>
Date: Thu, 26 Sep 2019 10:26:30 +0300
Subject: [PATCH] [UI] Prevent UI from XSS

Prevent UI from XSS (Cross-site-scripting)
attacks.

JIRA: VAL-56

Signed-off-by: Ioakeim Samaras <ioakeim.samaras@ericsson.com>
Change-Id: Iab877852f0f4c35e36a23c2cae301dffd3d57827
---
 ui/CHANGELOG.md                    | 8 ++++++++
 ui/pom.xml                         | 2 +-
 ui/src/main/webapp/WEB-INF/web.xml | 4 ++++
 3 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/ui/CHANGELOG.md b/ui/CHANGELOG.md
index 50d234a..de1afb2 100644
--- a/ui/CHANGELOG.md
+++ b/ui/CHANGELOG.md
@@ -190,3 +190,11 @@ All notable changes to this project will be documented in this file.
 - Password of users that try to login is taken into account
 
 ### Removed
+
+## [0.3.4-SNAPSHOT] - 26 September 2019
+### Added
+- Prevent XSS attacks
+
+### Changed
+
+### Removed
diff --git a/ui/pom.xml b/ui/pom.xml
index 614d2ff..870b3a1 100644
--- a/ui/pom.xml
+++ b/ui/pom.xml
@@ -14,7 +14,7 @@
 
     <groupId>org.akraino.validation</groupId>
     <artifactId>ui</artifactId>
-    <version>0.3.3-SNAPSHOT</version>
+    <version>0.3.4-SNAPSHOT</version>
     <name>Bluval UI Maven Webapp</name>
     <packaging>war</packaging>
 
diff --git a/ui/src/main/webapp/WEB-INF/web.xml b/ui/src/main/webapp/WEB-INF/web.xml
index 6fd8b99..e65accc 100644
--- a/ui/src/main/webapp/WEB-INF/web.xml
+++ b/ui/src/main/webapp/WEB-INF/web.xml
@@ -20,6 +20,10 @@
     <session-config>
         <session-timeout>30</session-timeout>
         <tracking-mode>COOKIE</tracking-mode>
+        <cookie-config>
+            <http-only>true</http-only>
+            <secure>true</secure>
+        </cookie-config>
     </session-config>
     <filter>
         <filter-name>SecurityXssFilter</filter-name>
-- 
2.16.6