MarkLince Posted July 1, 2017

Hi,

With an ISAPI app, can anyone tell me how to set the Content Security Policy header for uniGUI?

I have tried to set this in IIS 8 using the Header Response, but no matter what options I set, my app stops loading (loading....)

Thanks in advance.

Mark

Administrators Farshad Mohajeri Posted July 1, 2017

Hi,

You can add a custom meta tag to ServerModule->CustomMeta.

However, it is very likely that your uniGUI web app will not load because CSP highly restricts execution of dynamic JavaScript code. uniGUI apps need to dynamically execute JS code. You may find a correct recipe that will work with uniGUI, but it may take several trial and error attempts.

MarkLince Posted July 1, 2017 Author

Hi Farshad,

Thanks for the speedy reply.

OK, sounds like it's unlikely to work, but I will try anyway and let you know.

Regards

Mark

MarkLince Posted July 1, 2017 Author

Hi Farshad,

Just one thing: if CSP is not possible, what is the best way to mitigate XSS attacks in uniGUI apps?

Thanks again

Mark

Administrators Farshad Mohajeri Posted July 1, 2017

First we need to find if XSS attacks are actually possible in a uniGUI app. Are there any examples of XSS that can be applicable to a uniGUI app?

irigsoft Posted December 8, 2023

On 7/14/2022 at 9:50 AM, bbm said: Hi, any solution for that? Best regards

On procedure TUniServerModule.UniGUIServerModuleHTTPCommand( add

    //https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-src
    AResponseInfo.CustomHeaders.AddValue('Content-Security-Policy', 'frame-src ''none''; object-src ''none''; ');

Please share the result!
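
Added example (not part of any post in this thread and not uniGUI code): a small JavaScript check that reports whether a Content-Security-Policy value restricts inline scripts and eval-style dynamic code, which is the restriction described above as stopping a uniGUI app from loading. The function names and the two sample policies are constructed for illustration; the first policy is the one quoted in the thread, and it leaves script execution unrestricted because it sets neither script-src nor default-src.

```javascript
// Added example: how a Content-Security-Policy value treats script execution.
// Simplified: ignores the CSP3 script-src-elem / script-src-attr split.
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // The first occurrence of a directive wins; duplicates are ignored.
    if (!directives.has(name)) {
      directives.set(name, tokens.slice(1).map((t) => t.toLowerCase()));
    }
  }
  return directives;
}

function scriptPolicy(header) {
  const d = parseCsp(header);
  // script-src falls back to default-src; with neither, scripts are unrestricted.
  const governing = d.has('script-src') ? 'script-src'
    : d.has('default-src') ? 'default-src' : null;
  if (governing === null) {
    return { governing, evalAllowed: true, inlineAllowed: true };
  }
  const sources = d.get(governing);
  // A nonce, hash or 'strict-dynamic' makes browsers ignore 'unsafe-inline'.
  const overridesInline = sources.some(
    (s) => /^'(nonce-|sha(256|384|512)-)/.test(s) || s === "'strict-dynamic'");
  return {
    governing,
    evalAllowed: sources.includes("'unsafe-eval'"),
    inlineAllowed: sources.includes("'unsafe-inline'") && !overridesInline,
  };
}

// Policy quoted from the thread, plus two constructed samples.
const POLICY_FROM_THREAD = "frame-src 'none'; object-src 'none'; ";
const STRICT_SAMPLE = "default-src 'self'";
const RELAXED_SAMPLE = "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'";

for (const p of [POLICY_FROM_THREAD, STRICT_SAMPLE, RELAXED_SAMPLE]) {
  console.log(JSON.stringify(p), scriptPolicy(p));
}
```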