Content-Security-Policy response header to mitigate JavaScript Library with Known Vulnerability

Danish
Altocumulus

Hi Experts,

 

We have a vulnerability reported on one of our hosted applications.

 

150162 Use of JavaScript Library with Known Vulnerability. The application team cannot remediate this due to some limitation on their end and wants to solve this by using CSP on F5.

 

Need your support on whether we can achieve this using LTM policies or iRules.

 

Remediation from OEM:

Enable Content-Security-Policy response header for MPP with the following directives to mitigate XSS. 

Content-Security-Policy: default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; frame-ancestors 'self'; form-action 'self';

0 REPLIES
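One way to apply the OEM's header with an iRule, as an added example that is not part of the original post and is not F5 or OEM code. The `static::csp_value` and `static::csp_report_only` variable names and the report-only toggle are assumptions introduced here; the policy string is the one quoted in the post.

```tcl
# Added example. Attach to the HTTP virtual server (with an HTTP profile)
# that fronts the application.
when RULE_INIT {
    # Policy string exactly as given in the OEM remediation.
    set static::csp_value "default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; frame-ancestors 'self'; form-action 'self';"

    # Assumption: optional trial switch. 1 = send the policy as
    # Content-Security-Policy-Report-Only so the browser logs violations
    # (inline scripts, third-party hosts) without blocking them;
    # 0 = enforce. The policy has no reporting directive, so violations
    # show up only in the browser's developer console.
    set static::csp_report_only 0
}

when HTTP_RESPONSE {
    # Remove any CSP headers the backend already sent. Browsers enforce
    # every Content-Security-Policy header they receive, so leaving a
    # second one in place changes the effective policy.
    HTTP::header remove "Content-Security-Policy"
    HTTP::header remove "Content-Security-Policy-Report-Only"

    if { $static::csp_report_only } {
        HTTP::header insert "Content-Security-Policy-Report-Only" $static::csp_value
    } else {
        HTTP::header insert "Content-Security-Policy" $static::csp_value
    }
}
```

With `script-src 'self'` and `style-src 'self'`, inline scripts and inline styles are blocked once the policy is enforced, so a pass in report-only mode shows what the application would lose before the switch is set to 0.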