UIM - Unable to display UMP security banner

Article ID: 204202


Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

This issue is observed after applying the HSTS security header resolution.

 

Environment

Release : UIM 20.1

Component : UIM - UMP 20.1

Resolution

The HSTS settings were originally applied as described in the KB article below, after which the webcontent page was blocked.

KB: UIM HTTPS Security Findings for HSTS

https://knowledge.broadcom.com/external/article?articleId=200249

To resolve this, replace the HSTS filter with the configuration below. The new filter overrides the X-Frame-Options setting that was blocking the webcontent.

The new parameters antiClickJackingEnabled and antiClickJackingOption are added within the HSTS filter.


    <filter>
      <filter-name>HTTP Header Security Filter</filter-name>
      <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
      <init-param>
        <param-name>hstsMaxAgeSeconds</param-name>
        <param-value>31536000</param-value>
      </init-param>
      <init-param>
        <param-name>hstsEnabled</param-name>
        <param-value>true</param-value>
      </init-param>
      <init-param>
        <param-name>hstsIncludeSubDomains</param-name>
        <param-value>true</param-value>
      </init-param>
      <init-param>
        <param-name>antiClickJackingEnabled</param-name>
        <param-value>true</param-value>
      </init-param>
      <init-param>
        <param-name>antiClickJackingOption</param-name>
        <param-value>SAMEORIGIN</param-value>
      </init-param>
    </filter>
    <filter-mapping>
      <filter-name>HTTP Header Security Filter</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>




Note: The above change needs to be added to both web.xml and liferay-web.xml, i.e. wherever you have enabled the HSTS filter.
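
The following check is an added example, not part of the original KB or of UIM. It parses a deployment descriptor and reports the headers the HttpHeaderSecurityFilter is expected to send, applying Tomcat's documented defaults for omitted parameters (antiClickJackingEnabled=true, antiClickJackingOption=DENY). The sample descriptors are constructed, and the "HSTS only" one is an assumption about the earlier configuration.

```python
import sys
import xml.etree.ElementTree as ET

FILTER_CLASS = "org.apache.catalina.filters.HttpHeaderSecurityFilter"
# Tomcat's documented defaults for init-params the descriptor omits.
DEFAULTS = {"hstsEnabled": "true", "hstsMaxAgeSeconds": "0",
            "hstsIncludeSubDomains": "false",
            "antiClickJackingEnabled": "true", "antiClickJackingOption": "DENY"}

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the namespace web.xml usually declares

def _text(elem, name):
    return next(((c.text or "").strip() for c in elem if _local(c.tag) == name), None)

def expected_headers(descriptor_xml):
    """Headers the filter is expected to add on HTTPS responses, or None if absent."""
    for flt in ET.fromstring(descriptor_xml).iter():
        if _local(flt.tag) != "filter" or _text(flt, "filter-class") != FILTER_CLASS:
            continue
        params = dict(DEFAULTS)
        for ip in (c for c in flt if _local(c.tag) == "init-param"):
            params[_text(ip, "param-name")] = _text(ip, "param-value")
        headers = {}
        if params["hstsEnabled"].lower() == "true":
            sub = ";includeSubDomains" if params["hstsIncludeSubDomains"].lower() == "true" else ""
            headers["Strict-Transport-Security"] = "max-age=" + params["hstsMaxAgeSeconds"] + sub
        if params["antiClickJackingEnabled"].lower() == "true":
            headers["X-Frame-Options"] = params["antiClickJackingOption"].upper()
        return headers
    return None

def sample_descriptor(params):
    """Constructed sample descriptor (not a real UMP file) with the given init-params."""
    body = "".join("<init-param><param-name>%s</param-name><param-value>%s</param-value>"
                   "</init-param>" % kv for kv in params.items())
    return ('<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"><filter>'
            "<filter-name>HTTP Header Security Filter</filter-name>"
            "<filter-class>%s</filter-class>%s</filter></web-app>" % (FILTER_CLASS, body))

HSTS_ONLY = {"hstsMaxAgeSeconds": "31536000", "hstsEnabled": "true", "hstsIncludeSubDomains": "true"}
WITH_SAMEORIGIN = dict(HSTS_ONLY, antiClickJackingEnabled="true", antiClickJackingOption="SAMEORIGIN")
if __name__ == "__main__":
    docs = {p: open(p, "rb").read() for p in sys.argv[1:]} or {
        "sample: HSTS only": sample_descriptor(HSTS_ONLY),
        "sample: with SAMEORIGIN": sample_descriptor(WITH_SAMEORIGIN)}
    for name, xml_text in docs.items():
        print(name, "->", expected_headers(xml_text))
```

Run it with the paths of your web.xml and liferay-web.xml as arguments to compare the two files; with no arguments it prints the result for the two constructed samples.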