We are currently using SmartClient Version: v12.0p_2020-08-08/PowerEdition.
During ZAP penetration testing, we identified vulnerabilities related to the 'Content Security Policy (CSP) Header Not Set'. Upon further analysis, we discovered that the CSP header was not configured. However, when we attempted to configure it, our web application stopped functioning.
Additionally, we found articles on the SmartClient forum indicating that the CSP header is not supported by Isomorphic.
https://forums.smartclient.com/forum...-clarification
https://forums.smartclient.com/forum...xssf-csr-issue
https://forums.smartclient.com/forum...cy-unsafe-eval
Could you please confirm whether CSP header support is available in the latest version of SmartClient? If not, what is the recommended approach to address or mitigate this issue?