Configure Referrer Header Validation

Set up Referrer Header validation.

Referrer Header validation protects against CSRF attacks by allowing requests only from validated host URLs.
To configure Referrer Header validation:
  1. Navigate to the web.xml file in the $FIC_HOME/ficweb/webroot/WEB-INF/ directory, and add the following tag:
    <filter>
      <filter-name>FilterServlet</filter-name>
      <filter-class>com.iflex.fic.filters.FilterServlet</filter-class>
      <init-param>
        <param-name>AllowHosts</param-name>
        <param-value><URL1>/ <URL2>/</param-value>
      </init-param>
    </filter>

Note:

  1. Ensure there is a single space between <URL1> and <URL2>. Adding the URLs without a space between them, or with two or more spaces between them, results in errors. Also confirm that each <URL> ends with a forward slash (/).
  2. If you choose to set Referrer-Policy to no-referrer, disregard the above steps to configure Referrer Header validation and proceed with the following:
    1. Open the web.xml file in the $FIC_HOME/ficweb/webroot/WEB-INF/ directory. The REFERRER_POLICY_FLAG is set to TRUE by default in the web.xml file:
      <context-param>
        <param-name>REFERRER_POLICY_FLAG</param-name>
        <param-value>TRUE</param-value>
      </context-param>
    2. Change the value of REFERRER_POLICY_FLAG in the web.xml file to FALSE.
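
A pre-deployment check for the AllowHosts formatting rules in the first note item above, as an added example that is not part of the original page or the product's own code. The host names are constructed, and treating every entry as an absolute URL with a scheme is an assumption.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the page's filter block with made-up hosts in place of <URL1>/<URL2>.
SAMPLE_WEB_XML = """<web-app>
  <filter>
    <filter-name>FilterServlet</filter-name>
    <filter-class>com.iflex.fic.filters.FilterServlet</filter-class>
    <init-param>
      <param-name>AllowHosts</param-name>
      <param-value>https://app1.example.com:7001/ https://app2.example.com/</param-value>
    </init-param>
  </filter>
</web-app>"""

def _local(tag):
    """Drop an XML namespace prefix such as '{http://...}filter'."""
    return tag.rsplit("}", 1)[-1]

def allow_hosts_value(web_xml_text):
    """Return the raw AllowHosts value of the FilterServlet filter, or None."""
    for flt in ET.fromstring(web_xml_text).iter():
        if _local(flt.tag) != "filter":
            continue
        names = [(c.text or "").strip() for c in flt if _local(c.tag) == "filter-name"]
        if "FilterServlet" not in names:
            continue
        for param in (c for c in flt if _local(c.tag) == "init-param"):
            fields = {_local(c.tag): c.text or "" for c in param}
            if fields.get("param-name", "").strip() == "AllowHosts":
                return fields.get("param-value", "")
    return None

def check_allow_hosts(value):
    """Return a list of problems; an empty list means the value follows the note."""
    problems = []
    if re.search(r" {2,}|[\t\r\n]", value):
        problems.append("entries must be separated by exactly one space")
    for entry in value.split():
        if not entry.endswith("/"):
            problems.append(f"missing trailing slash: {entry}")
        # Assumption: every entry is an absolute URL with a scheme, so a second
        # '://' in one entry means two URLs were joined without a space.
        if entry.count("://") > 1:
            problems.append(f"URLs run together without a space: {entry}")
    return problems

if __name__ == "__main__":
    value = allow_hosts_value(SAMPLE_WEB_XML)
    for problem in check_allow_hosts(value) or ["AllowHosts value is well formed"]:
        print(problem)
```

To check a deployed file, pass the contents of $FIC_HOME/ficweb/webroot/WEB-INF/web.xml to allow_hosts_value instead of the sample.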