Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

Content-Security-Policy response header to mitigate JavaScript Library with Known Vulnerability

D99
Cirrus
Cirrus

‎07-Jul-2021 04:04

Hi Experts,

 

We have a vulnerability reported on one of our hosted application

 

150162 Use of JavaScript Library with Known Vulnerability. Application team cannot remediate this due to some limitation on their end and want to solve this by using CSP on F5

 

Need your support if we can achieve this using LTM policies or irules

 

Remediation from OEM:

Enable Content-Security-Policy response header for MPP with the following directives to mitigate XSS. 

Content-Security-Policy: default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; frame-ancestors 'self'; form-action 'self';

Labels:
0 Kudos
0 REPLIES 0
Copyright © 2023 Khoros, LLC