D99
Jul 07, 2021Cirrus
Content-Security-Policy response header to mitigate JavaScript Library with Known Vulnerability
Hi Experts,
We have a vulnerability reported on one of our hosted application
150162 Use of JavaScript Library with Known Vulnerability. Application team cannot remediate this due to some limitation on their end and want to solve this by using CSP on F5
Need your support if we can achieve this using LTM policies or irules
Remediation from OEM:
Enable Content-Security-Policy response header for MPP with the following directives to mitigate XSS.
Content-Security-Policy: default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; frame-ancestors 'self'; form-action 'self';