Jump to content
uniGUI Discussion Forums
Sign in to follow this  
MarkLince

Content Security Policy Header

Recommended Posts

Hi,

 

With ISAPI ap, can anyone tell me how to set Content Security Policy Header for UNIgui?

 

I have tried to set this in IIS 8 using the Header Response but no matter what options I set, my ap stops loading (loading....)

 

Thanks in advance.

Mark

Share this post


Link to post
Share on other sites

Hi,

 

You can add a custom meta tag to SeverModule->CustomMeta. However, it is very likely that your uniGUI web app will not load because CSP highly restricts execution of dynamic java script code. uniGUI apps need to dynamically execure JS code. You may find a correct receipt that will work with uniGUI, but it may take several trial and error attempts.

Share this post


Link to post
Share on other sites

Hi Farshad,

Thanks for the speedy reply. OK, sounds like its unlikely to work, but I will try anyway and let you know.

Regards

Mark

Share this post


Link to post
Share on other sites

Hi farshad,

Just one thing, if CSP is not possible, what is the best way to mitigate xxs attacks in unigui aps

Thanks again

Mark

Share this post


Link to post
Share on other sites

First we need to find if XSS attacks are actually possible in a uniGUI app. Are there any examples od XSS that can be applicable to a unigui app?

Share this post


Link to post
Share on other sites
Sign in to follow this  

×