CSRF token implementation for SuiteCRM 7.11.20

Due to security issues, I want to implement a CSRF token for the login page, giving anti-CSRF token on ZAP test

Any help on this?

Due to security issues, I want to implement a CSRF token for the login page, giving anti-CSRF token on ZAP test

What do you mean by "zap test"?

ZAP is a tool that performs security tests.

Suite 7 doesn't have the XSRF-TOKEN cookie.

Suite 8 has the XSRF-TOKEN cookie.

You could propose a code fix to add these CSRF prevention headers to Suite 7:
x-xss-protection: 1;mode=block
Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-your-random-nonce'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none';

Where can I add this header in Suite 7? Can you please suggest a solution?
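
One way the login token check asked about in this thread can look in plain PHP, with the two headers quoted above sent using a fresh per-response nonce. This is an added example, not SuiteCRM code and not from any poster; the function names, the `login_csrf` session key and the form fields are hypothetical, and where to hook it into Suite 7 is not shown.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: send the headers quoted in the thread, replacing the
// placeholder nonce with a random value generated for this response.
function send_security_headers(): string
{
    $nonce = base64_encode(random_bytes(16));
    header('X-XSS-Protection: 1; mode=block');
    header("Content-Security-Policy: default-src 'self'; "
        . "script-src 'self' 'nonce-{$nonce}'; style-src 'self' 'unsafe-inline'; "
        . "img-src 'self' data:; object-src 'none'; base-uri 'self'; "
        . "form-action 'self'; frame-ancestors 'none';");
    return $nonce; // inline <script nonce="..."> tags must carry this value
}

// Issue (or reuse) a token bound to the visitor's pre-login session.
function issue_login_csrf_token(): string
{
    if (empty($_SESSION['login_csrf'])) {
        $_SESSION['login_csrf'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['login_csrf'];
}

// Constant-time comparison; the stored token is discarded after one check.
function verify_login_csrf_token($submitted): bool
{
    $expected = $_SESSION['login_csrf'] ?? '';
    unset($_SESSION['login_csrf']);
    return is_string($submitted) && $expected !== ''
        && hash_equals($expected, $submitted);
}

session_start();
send_security_headers();

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    if (!verify_login_csrf_token($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
    // Token accepted: verify credentials here, then call
    // session_regenerate_id(true) before marking the user as logged in.
    exit('Token accepted');
}

$token = htmlspecialchars(issue_login_csrf_token(), ENT_QUOTES, 'UTF-8');
echo '<form method="post"><input type="hidden" name="csrf_token" value="' . $token . '">'
   . '<input name="username"><input type="password" name="password">'
   . '<button type="submit">Log in</button></form>';
```

The CSP nonce and the CSRF token are separate values: the nonce only authorises inline scripts in the page, while the session-bound form token is what lets the server reject a login POST that did not originate from its own form.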