Forum Discussion

D99's avatar
Icon for Cirrus rankCirrus
Jul 07, 2021

Content-Security-Policy response header to mitigate JavaScript Library with Known Vulnerability

Hi Experts,


We have a vulnerability reported on one of our hosted application


150162 Use of JavaScript Library with Known Vulnerability. Application team cannot remediate this due to some limitation on their end and want to solve this by using CSP on F5


Need your support if we can achieve this using LTM policies or irules


Remediation from OEM:

Enable Content-Security-Policy response header for MPP with the following directives to mitigate XSS. 

Content-Security-Policy: default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; frame-ancestors 'self'; form-action 'self';

No RepliesBe the first to reply