MarkLince
Posted July 1, 2017

Hi,

With an ISAPI app, can anyone tell me how to set the Content Security Policy header for uniGUI? I have tried to set this in IIS 8 using the Header Response, but no matter what options I set, my app stops loading (loading....)

Thanks in advance.

Mark

Farshad Mohajeri (Administrators)
Posted July 1, 2017

Hi,

You can add a custom meta tag to ServerModule->CustomMeta. However, it is very likely that your uniGUI web app will not load because CSP highly restricts execution of dynamic JavaScript code. uniGUI apps need to dynamically execute JS code. You may find a correct recipe that will work with uniGUI, but it may take several trial and error attempts.

MarkLince
Posted July 1, 2017

Hi Farshad,

Thanks for the speedy reply. OK, sounds like it's unlikely to work, but I will try anyway and let you know.

Regards

Mark

MarkLince
Posted July 1, 2017

Hi Farshad,

Just one thing: if CSP is not possible, what is the best way to mitigate XSS attacks in uniGUI apps?

Thanks again

Mark

Farshad Mohajeri (Administrators)
Posted July 1, 2017

First we need to find if XSS attacks are actually possible in a uniGUI app. Are there any examples of XSS that can be applicable to a uniGUI app?

MarkLince
Posted July 14, 2017

I can't find any.

Thanks Farshad

stas
Posted August 27, 2019

Hello

XSS attack

Thank you

XSS.zip

bbm
Posted July 14, 2022

Hi, any solution for that?

Best regards

irigsoft
Posted December 8, 2023

On 7/14/2022 at 9:50 AM, bbm said:
    Hi, any solution for that? Best regards

In procedure TUniServerModule.UniGUIServerModuleHTTPCommand( add:

    // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-src
    AResponseInfo.CustomHeaders.AddValue('Content-Security-Policy', 'frame-src ''none''; object-src ''none''; ');

Please share the result!
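
Added example, not part of the thread and not uniGUI code: a small JavaScript checker that reports whether a Content-Security-Policy value restricts dynamic script execution (`eval`-style code, which the thread says uniGUI needs) and which directive governs it. The function names are hypothetical, the first sample is the policy from the last post, and the other samples are constructed.

```javascript
// Parse a CSP header value: ';' separates directives, the first token is the
// directive name (case-insensitive), and a repeated directive is ignored.
function parsePolicy(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Report how the policy treats script execution.
// script-src governs eval(); if it is absent, default-src is used as fallback.
// With neither directive present, the policy does not restrict scripts at all.
function scriptExecution(header) {
  const d = parsePolicy(header);
  const governing = d.has('script-src') ? 'script-src'
    : d.has('default-src') ? 'default-src' : null;
  if (governing === null) {
    return { governing, evalAllowed: true, inlineAllowed: true };
  }
  const sources = d.get(governing).map((s) => s.toLowerCase());
  // Browsers ignore 'unsafe-inline' when a nonce, a hash or 'strict-dynamic' is present.
  const overridesInline = sources.some(
    (s) => /^'(nonce-|sha(256|384|512)-)/.test(s) || s === "'strict-dynamic'");
  return {
    governing,
    evalAllowed: sources.includes("'unsafe-eval'"),
    // "inlineAllowed" means arbitrary inline <script> without a nonce or hash.
    inlineAllowed: sources.includes("'unsafe-inline'") && !overridesInline,
  };
}

const samples = [
  "frame-src 'none'; object-src 'none'; ",            // policy from the last post
  "default-src 'self'",                               // constructed: strict baseline
  "script-src 'self' 'unsafe-inline' 'unsafe-eval'",  // constructed: relaxed for dynamic JS
];
for (const s of samples) {
  console.log(JSON.stringify(s), scriptExecution(s));
}
```

The first sample reports no governing directive: that policy limits frames and plugins only and leaves script execution unrestricted, so it adds no protection against script injection. A policy with `default-src` or `script-src` blocks `eval` unless `'unsafe-eval'` is listed.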