From: Roland Haeder Date: Thu, 7 Apr 2016 10:57:42 +0000 (+0200) Subject: added some http-only configuration to avoid common XSS X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=de6356fedf067ad343e4ec35e74e6b25963641c2;p=addressbook-war.git added some http-only configuration to avoid common XSS --- diff --git a/web/WEB-INF/web.xml b/web/WEB-INF/web.xml index 4daac621..63b7ef9b 100644 --- a/web/WEB-INF/web.xml +++ b/web/WEB-INF/web.xml @@ -1,70 +1,73 @@ - An online address book application to share private and business memebers between all members. It is also possible that the user's profile can be made visible to outside. - Addressbook Application v1.0 - - javax.faces.PROJECT_STAGE - Development - - - Faces Servlet - javax.faces.webapp.FacesServlet - 1 - - - Faces Servlet - /faces/* - - - - 30 - - - - faces/index.xhtml - - - LoginConstraint - - loginArea - Login area - /llogin/* - - - User Authentication - user - - - - AdminConstraint - - admin - Administrative area - /admin/* - - - Admin authentication - admin - - - - FORM - Loginbereich / Login area - - /user/login.xhtml - /user/login_error.xhtml - - - - A logged-in user that has previously registered himself/herself. - user - - - tpl - text/plain - - - Administrativre rule - admin - + An online address book application to share private and business memebers between all members. It is also possible that the user's profile can be made visible to outside. + Addressbook Application v1.0 + + javax.faces.PROJECT_STAGE + Development + + + Faces Servlet + javax.faces.webapp.FacesServlet + 1 + + + Faces Servlet + /faces/* + + + + 30 + + + true + + + + faces/index.xhtml + + + LoginConstraint + + loginArea + Login area + /llogin/* + + + User Authentication + user + + + + AdminConstraint + + admin + Administrative area + /admin/* + + + Admin authentication + admin + + + + FORM + Loginbereich / Login area + + /user/login.xhtml + /user/login_error.xhtml + + + + A logged-in user that has previously registered himself/herself. + user + + + tpl + text/plain + + + Administrativre rule + admin +