
Updated for protection against MIME & XSS based attacks

Open yashdusing opened this issue 5 years ago • 4 comments

Updated headers to ajax call for protection against MIME and XSS based attacks

yashdusing avatar Nov 14 '18 15:11 yashdusing

@yashdusing can you use the methods listed in #459 to verify that the changes you made for HTTP headers work, and mention the results here?

Ram81 avatar Nov 17 '18 16:11 Ram81

It shows up as unprotected (the same as shown in #459). Although I do have a doubt. 0.0.0.0:8000 is the home page site, which has no headers on it. The headers are added to the ajax calls made to import/export or other apps, so isn't it supposed to show up as not protected? (Unless we somehow added XSS protection to the home page.)

yashdusing avatar Nov 17 '18 16:11 yashdusing

So 0.0.0.0:8000/layer_parameter is also shown as unprotected 😓. I will have to figure out why.

yashdusing avatar Nov 17 '18 16:11 yashdusing

[Screenshot: screenshot_20181117_235839]

Updated for main page with Postman results

yashdusing avatar Nov 17 '18 18:11 yashdusing
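An added example, not part of the thread or the project's code: a per-endpoint check of the response headers, run against a constructed local stand-in server so each path is tested on its own. It assumes the headers in question are `X-Content-Type-Options` and `X-XSS-Protection` (the thread does not name them); browsers act on these only when they arrive in a response, so the check also shows that sending them on the request changes nothing.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumed header set: the thread does not name the headers it added.
EXPECTED = {
    "X-Content-Type-Options": "nosniff",   # MIME-sniffing protection
    "X-XSS-Protection": "1; mode=block",   # legacy browser XSS filter
}

class Demo(BaseHTTPRequestHandler):
    """Constructed stand-in server: only /layer_parameter sends the headers."""
    def do_GET(self):
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        if self.path == "/layer_parameter":
            for name, value in EXPECTED.items():
                self.send_header(name, value)
        self.end_headers()
        self.wfile.write(b"ok")

    def log_message(self, *args):  # silence per-request logging
        pass

def missing_headers(host, port, path, request_headers=None):
    """Return expected headers absent or wrong in the *response* for path."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("GET", path, headers=request_headers or {})
        resp = conn.getresponse()
        resp.read()
        return sorted(n for n, v in EXPECTED.items()
                      if (resp.getheader(n) or "").strip().lower() != v)
    finally:
        conn.close()

def run_demo():
    server = HTTPServer(("127.0.0.1", 0), Demo)  # port 0: pick a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    host, port = "127.0.0.1", server.server_port
    try:
        return {
            "home": missing_headers(host, port, "/"),
            # Same page, headers sent on the request instead: still missing.
            "home_request_headers": missing_headers(host, port, "/", EXPECTED),
            "layer_parameter": missing_headers(host, port, "/layer_parameter"),
        }
    finally:
        server.shutdown()
        server.server_close()
```

Pointing `missing_headers` at a real host, port and path gives the same per-URL answer a scanner or Postman would show for that one response.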