-
Please read or re-read the linked threads in their entirety. CSP does not apply here, there is no security issue, and CSP should be left off.
-
Pen Testing : Content Security Policy (CSP) Header Not Set
We are currently using SmartClient Version: v12.0p_2020-08-08/PowerEdition.
During ZAP penetration testing, we identified vulnerabilities related to the 'Content Security Policy (CSP) Header Not Set'. Upon further analysis, we discovered that the CSP header was not configured. However, when we attempted to configure it, our web application stopped functioning.
Additionally, we found articles on the SmartClient forum indicating that the CSP header is not supported by Isomorphic.
https://forums.smartclient.com/forum...-clarification
https://forums.smartclient.com/forum...xssf-csr-issue
https://forums.smartclient.com/forum...cy-unsafe-eval
Could you please confirm whether CSP header support is available in the latest version of SmartClient? If not, what is the recommended approach to address or mitigate this issue?