MNT-22184 Add security header for admin console (#323)

packaging/war/src/main/resources/alfresco/web-client-security-config.xml

@@ -184,5 +184,15 @@
       </filter>
 
    </config>
-
+   <!--
+         A set of HTTP response headers that instructs the browser to behave in certain ways to improve security
+    -->
+   <config evaluator="string-compare" condition="SecurityHeadersPolicy">
+      <headers>
+         <header>
+            <name>X-Frame-Options</name>
+            <value>SAMEORIGIN</value>
+         </header>
+      </headers>
+   </config>
 </alfresco-config>

packaging/war/src/main/webapp/WEB-INF/web.xml

@@ -104,6 +104,12 @@
       <filter-class>org.springframework.extensions.webscripts.servlet.CSRFFilter</filter-class>
    </filter>
 
+   <filter>
+      <description>Security Headers filter. Adds security response headers based on config.</description>
+      <filter-name>Security Headers Filter</filter-name>
+      <filter-class>org.springframework.extensions.webscripts.servlet.SecurityHeadersFilter</filter-class>
+   </filter>
+
    <!-- Enterprise filter placeholder -->
    <filter-mapping>
       <filter-name>Clear security context filter</filter-name>
@@ -225,6 +231,11 @@
       <url-pattern>/wcs/admin/*</url-pattern>
    </filter-mapping>
 
+   <filter-mapping>
+      <filter-name>Security Headers Filter</filter-name>
+      <url-pattern>/*</url-pattern>
+   </filter-mapping>
+
    <!-- Enterprise filter-mapping placeholder -->
    
    <!-- Spring Context Loader listener - can disable loading of context if runtime config changes are needed -->