CA Identity Manager CSP headers with Unsafe-inline and unsafe-eval parameters

Article ID: 372937

Products

CA Identity Manager

Issue/Introduction

Is there a fix for the Content-Security-Policy (CSP) header containing the unsafe-inline and unsafe-eval directives, as flagged by security scans in connection with XSS and clickjacking?

Environment

IDM 14.5.1

Cause

The CSP header was configured with the unsafe-eval and unsafe-inline keywords in its source lists.

Resolution

Concerning XSS and clickjacking, the application has an alternate defense mechanism in place, so we do not recommend configuring the CSP header with the unsafe-eval and unsafe-inline directives. Both keywords are source expressions for script-src (and, for unsafe-inline, style-src) that re-enable the inline scripts and eval() that CSP is meant to block, which is why scanners report them under XSS. Clickjacking is controlled separately, by the frame-ancestors directive or the X-Frame-Options header, not by those two keywords.

If a scanner reports this vulnerability, the deployment's CSP header was most likely configured with those two directives, and the scan flags their presence.
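To make the finding concrete, the following is an added example (not part of this article and not CA Identity Manager code) that parses a CSP header value, reports the two scanner findings described above (unsafe keywords in a source list, and no frame-ancestors directive for clickjacking), and produces a hardened header beside the weak one. The header values WEAK_CSP and HARDENED_CSP are constructed for illustration and are not taken from any product configuration; the frame-ancestors 'self' default added by harden_csp is an assumption.

```python
"""Audit a Content-Security-Policy header value for the findings scanners raise
in connection with XSS and clickjacking: 'unsafe-inline' / 'unsafe-eval' in a
source list, and a missing frame-ancestors directive.

Added example; WEAK_CSP and HARDENED_CSP below are constructed values, not a
CA Identity Manager configuration."""

# A CSP value of the kind a scanner flags (constructed).
WEAK_CSP = (
    "default-src 'self'; "
    "script-src 'self' 'unsafe-inline' 'unsafe-eval'; "
    "style-src 'self' 'unsafe-inline'"
)

# The same policy with the unsafe keywords removed and framing restricted
# (constructed; frame-ancestors 'self' is an assumed default).
HARDENED_CSP = (
    "default-src 'self'; "
    "script-src 'self'; "
    "style-src 'self'; "
    "frame-ancestors 'self'"
)

UNSAFE_KEYWORDS = ("'unsafe-inline'", "'unsafe-eval'")
NONCE_OR_HASH_PREFIXES = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def parse_csp(header):
    """Return {directive-name: [source-expression, ...]}.

    Directives are separated by ';' and tokens by ASCII whitespace. Directive
    names are case-insensitive; a repeated directive keeps its first occurrence,
    as browsers do. Source tokens are kept verbatim because nonce and hash
    values are case-sensitive."""
    directives = {}
    for part in header.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives


def audit_csp(header):
    """Return a list of human-readable findings; an empty list means clean."""
    directives = parse_csp(header)
    findings = []

    # script-src governs inline scripts and eval(); default-src is its fallback.
    if "script-src" not in directives and "default-src" not in directives:
        findings.append("no script-src or default-src: script loading is unrestricted")

    for name, sources in directives.items():
        lowered = [s.lower() for s in sources]
        nonced = any(s.startswith(NONCE_OR_HASH_PREFIXES) for s in lowered)
        for keyword in UNSAFE_KEYWORDS:
            if keyword in lowered:
                note = f"{keyword} in {name}"
                # CSP Level 2+: a nonce or hash in the same directive makes
                # compliant browsers ignore 'unsafe-inline'; scanners still report it.
                if keyword == "'unsafe-inline'" and nonced:
                    note += " (ignored by CSP Level 2+ browsers because a nonce/hash is present)"
                findings.append(note)

    # Clickjacking is controlled by frame-ancestors (or X-Frame-Options),
    # not by the unsafe-* keywords.
    if "frame-ancestors" not in directives:
        findings.append("no frame-ancestors: CSP does not restrict framing (clickjacking)")

    return findings


def harden_csp(header):
    """Strip 'unsafe-inline' / 'unsafe-eval' from every source list and add
    frame-ancestors 'self' if absent (assumed default). Removing 'unsafe-inline'
    breaks pages that rely on inline <script> blocks or on-* handlers unless
    they are externalised or nonced, so test the application afterwards."""
    directives = parse_csp(header)
    for name, sources in directives.items():
        directives[name] = [s for s in sources if s.lower() not in UNSAFE_KEYWORDS]
    directives.setdefault("frame-ancestors", ["'self'"])
    return "; ".join(" ".join([name, *srcs]) for name, srcs in directives.items())


if __name__ == "__main__":
    for label, value in (("weak", WEAK_CSP), ("hardened", harden_csp(WEAK_CSP))):
        print(f"{label}: {value}")
        for finding in audit_csp(value) or ["no findings"]:
            print("  -", finding)
```

Run the script against the CSP value your application server actually emits (for example, copied from a browser's network inspector) instead of WEAK_CSP to see which directive the scanner is reacting to; the nonce/hash caveat matters because a scanner will still list 'unsafe-inline' even when a nonce makes browsers ignore it.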


Additional Information

Reference Defect #DE581425