Last post Jul 03, 2017 06:50 AM by Cathy Zou
Jul 02, 2017 07:21 PM | kvmani32hASPNet
I have a security issue in my web application.
My ASP.NET Web application did not enforce a content security policy. This could potentially allow an attacker to insert malicious, executable content into the application's responses.
CSP is currently supported by most modern browsers, with the exception of Internet Explorer, which only offers partial support from version 10. The following browser versions have full support:
* Firefox - 23+
* Chrome - 25+
* Safari - 7+
How can I prevent that?
Below are the technologies I am using:
C#.NET, ASP.NET, SQL Server 2008 R2, JavaScript.
Please assist me.
Jul 03, 2017 06:50 AM | Cathy Zou
Do you want to prevent the XSS attack?
You could try to enable request validation.
And you could refer to the link below for a tutorial:
If you want to use CSP, you could try to use a <meta> tag in your master page or another page to apply the policy.
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval'">
There are some tutorials on using CSP:
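
One way to send the policy as an HTTP response header from Global.asax, using a per-request nonce in place of 'unsafe-inline' and 'unsafe-eval', which allow injected inline script to run. This is an added example, not code from either poster; the class layout, the `csp-nonce` item key and the directive list are assumptions to adapt to the application.

```csharp
// Global.asax.cs (assumed file name) for a classic ASP.NET application.
using System;
using System.Security.Cryptography;
using System.Web;

public class Global : HttpApplication
{
    // Hypothetical key under which the nonce is kept for the current request.
    private const string NonceKey = "csp-nonce";

    protected void Application_BeginRequest(object sender, EventArgs e)
    {
        // A fresh, unpredictable nonce for every request (128 bits).
        var bytes = new byte[16];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(bytes);
        }
        string nonce = Convert.ToBase64String(bytes);
        Context.Items[NonceKey] = nonce;

        // Only same-origin resources by default; inline scripts run only
        // if they carry this request's nonce. No 'unsafe-inline' or
        // 'unsafe-eval', so markup injected by an attacker is not executed.
        string policy =
            "default-src 'self'; " +
            "script-src 'self' 'nonce-" + nonce + "'; " +
            "object-src 'none'; " +
            "base-uri 'self'";

        // Sent as a header so it covers every response, not only pages
        // that include the master page's <meta> tag.
        Response.AppendHeader("Content-Security-Policy", policy);
    }

    // Read from markup, for example:
    //   <script nonce="<%= Global.CspNonce %>"> ... </script>
    public static string CspNonce
    {
        get { return (string)HttpContext.Current.Items[NonceKey]; }
    }
}
```

Inline scripts and inline event handlers that do not carry the nonce are blocked under this policy, so sending the same value in the `Content-Security-Policy-Report-Only` header first shows what would break before enforcement. Pages served from output cache would repeat a nonce, so exclude them from caching or use a policy without nonces there.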