Configure Referrer Header Validation

Referrer Header Validation protects against CSRF attacks by accepting requests only from the validated host URLs listed in the AllowHosts parameter.
  1. Navigate to the web.xml file in the $FIC_HOME/ficweb/webroot/WEB-INF/ directory.
  2. Add the following tag:
    <filter>
    <filter-name>FilterServlet</filter-name>
    <filter-class>com.iflex.fic.filters.FilterServlet</filter-class>
    <init-param>
      <param-name>AllowHosts</param-name>
      <param-value><URL1>/ <URL2>/</param-value>
    </init-param>
    </filter>

    Note:

    1. Separate <URL1> and <URL2> with a single space. Adding the URLs without a space between them, or with two or more spaces between them, results in errors. Make sure that each URL ends with a forward slash (/).
    2. If you choose to set Referrer-Policy to no-referrer, the above steps to configure Referrer Header validation are not required. Follow these steps instead:
      1. Open the web.xml file in the $FIC_HOME/ficweb/webroot/WEB-INF/ directory. The REFERRER_POLICY_FLAG is set to TRUE by default in the web.xml file as shown in the following tag:
        <context-param>
        <param-name>REFERRER_POLICY_FLAG</param-name>
        <param-value>TRUE</param-value>
        </context-param>
      2. Change the REFERRER_POLICY_FLAG value in the web.xml file to FALSE.
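
The formatting rules in the first note (exactly one space between entries, a trailing slash on every URL) can be checked before web.xml is deployed. The Python check below is an added example, not part of the product or its documentation; the host URLs in the sample are constructed placeholders, and the joined-URL test assumes each entry contains a single "://".

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample web.xml fragment; the host URLs are placeholders.
SAMPLE_WEB_XML = """<web-app>
  <filter>
    <filter-name>FilterServlet</filter-name>
    <filter-class>com.iflex.fic.filters.FilterServlet</filter-class>
    <init-param>
      <param-name>AllowHosts</param-name>
      <param-value>https://ofsaa.example.com:7002/ https://lb.example.com/</param-value>
    </init-param>
  </filter>
</web-app>"""


def _local(tag):
    """Strip an XML namespace prefix, which deployed web.xml files often declare."""
    return tag.rsplit("}", 1)[-1]


def get_allow_hosts(web_xml_text):
    """Return the raw AllowHosts param-value, or None if it is not configured."""
    root = ET.fromstring(web_xml_text)
    for init in root.iter():
        if _local(init.tag) != "init-param":
            continue
        fields = {_local(c.tag): (c.text or "") for c in init}
        if fields.get("param-name", "").strip() == "AllowHosts":
            return fields.get("param-value", "")
    return None


def check_allow_hosts(value):
    """Return a list of problems with an AllowHosts value; empty means well-formed."""
    value = value.strip()
    problems = []
    # Two or more whitespace characters, or a tab/newline used as the separator.
    if re.search(r"\s{2,}|[^\S ]", value):
        problems.append("entries must be separated by exactly one space")
    for url in value.split():
        if not url.endswith("/"):
            problems.append(f"missing trailing slash: {url}")
        # Assumption: one "://" per entry; more means two URLs were run together.
        if url.count("://") > 1:
            problems.append(f"two URLs joined without a space: {url}")
    return problems


if __name__ == "__main__":
    print(check_allow_hosts(get_allow_hosts(SAMPLE_WEB_XML)) or "AllowHosts OK")
```

To check a deployed file, pass the contents of $FIC_HOME/ficweb/webroot/WEB-INF/web.xml to get_allow_hosts instead of the sample string.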