Support HSTS configuration updates through deployment.toml (#5420)

* Support HSTS configuration updates through deployment.toml * Add changeset 🦋 * Revise the config name
wso2 · Feb 6, 2024 · cfde931 · cfde931
1 parent 4fc35ed
commit cfde931
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 2 deletions.
diff --git a/.changeset/honest-bulldogs-fetch.md b/.changeset/honest-bulldogs-fetch.md
@@ -0,0 +1,5 @@
+---
+"@wso2is/identity-apps-core": patch
+---
+
+Support HSTS configuration updates through deployment.toml
diff --git a/...features/org.wso2.identity.apps.authentication.portal.server.feature/resources/web.xml.j2 b/...features/org.wso2.identity.apps.authentication.portal.server.feature/resources/web.xml.j2
@@ -164,15 +164,27 @@
     <filter>
         <filter-name>HttpHeaderSecurityFilter</filter-name>
         <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
+        {% set ns = namespace(hstsEnabledFound=false) %}
+        {% for parameter in authenticationendpoint.tomcat.http_header_security_filter.parameters %}
+        <init-param>
+            <param-name>{{ parameter.name }}</param-name>
+            <param-value>{{ parameter.value }}</param-value>
+        </init-param>
+        {% if parameter.name == 'hstsEnabled' %}
+            {% set ns.hstsEnabledFound = true %}
+        {% endif %}
+        {% endfor %}
+        {% if not ns.hstsEnabledFound %}
         <init-param>
             <param-name>hstsEnabled</param-name>
             <param-value>false</param-value>
         </init-param>
+        {% endif %}
     </filter>
 
     <filter-mapping>
         <filter-name>HttpHeaderSecurityFilter</filter-name>
-        <url-pattern>*</url-pattern>
+        <url-pattern>{{ authenticationendpoint.tomcat.http_header_security_filter.url_pattern | default('*') }}</url-pattern>
     </filter-mapping>
 
     <filter>

diff --git a/...-core/features/org.wso2.identity.apps.recovery.portal.server.feature/resources/web.xml.j2 b/...-core/features/org.wso2.identity.apps.recovery.portal.server.feature/resources/web.xml.j2
@@ -93,15 +93,27 @@
     <filter>
         <filter-name>HttpHeaderSecurityFilter</filter-name>
         <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
+        {% set ns = namespace(hstsEnabledFound=false) %}
+        {% for parameter in accountrecoveryendpoint.tomcat.http_header_security_filter.parameters %}
+        <init-param>
+            <param-name>{{ parameter.name }}</param-name>
+            <param-value>{{ parameter.value }}</param-value>
+        </init-param>
+        {% if parameter.name == 'hstsEnabled' %}
+            {% set ns.hstsEnabledFound = true %}
+        {% endif %}
+        {% endfor %}
+        {% if not ns.hstsEnabledFound %}
         <init-param>
             <param-name>hstsEnabled</param-name>
             <param-value>false</param-value>
         </init-param>
+        {% endif %}
     </filter>
 
     <filter-mapping>
         <filter-name>HttpHeaderSecurityFilter</filter-name>
-        <url-pattern>*</url-pattern>
+        <url-pattern>{{ accountrecoveryendpoint.tomcat.http_header_security_filter.url_pattern | default('*') }}</url-pattern>
     </filter-mapping>
 
     <filter>