Security vulnerability :- HTTP security headers not detected
We are using ACS 5.2.6 with Windows OS.
We have received the security vulnerability (HTTP security headers not detected). And for that we have two solutions, which are given below:-
Security filters and clickjacking mitigation
You can configure a security filter, SecurityHeadersPolicy, that mitigates clickjacking attacks in Alfresco Share.
SecurityHeadersPolicy is a Java Servlet filter that applies HTTP response headers to incoming requests in Share. The headers that are returned are defined in a configuration section called SecurityHeadersPolicy in alfresco-security-config.xml.
Three headers are added by default; X-Frame-Options, X-Content-Type-Options and X-XSS-Protection:
Adding this header to an HTTP response tells the browser whether Share pages are permitted inside iframes. In our default configuration we have set this to SAMEORIGIN which means that Share pages are only permitted inside iFrames inside Share or in other web applications that live under the same domain.
You can override the configuration and set the header to return DENY instead, by placing the following configuration in your share-config-custom.xml file:
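
To confirm whether Share is actually returning the three headers named above, for example when re-testing the scanner finding, the response headers can be audited as follows. This is an added example, not part of the original post or of the Alfresco documentation; the sample responses are constructed, and the accepted values for X-Content-Type-Options and X-XSS-Protection are assumptions.

```python
# Header name -> predicate on its lower-cased value.
# SAMEORIGIN and DENY come from the text above; the accepted values for the
# other two headers are assumptions based on their usual settings.
EXPECTED = {
    "x-frame-options": lambda v: v in ("sameorigin", "deny"),
    "x-content-type-options": lambda v: v == "nosniff",
    "x-xss-protection": lambda v: v.startswith("1"),
}


def parse_headers(raw):
    """Return {lower-case name: [values]} from a raw HTTP response."""
    headers = {}
    lines = raw.replace("\r\n", "\n").split("\n")
    for line in lines[1:]:          # skip the status line
        if not line.strip():
            break                   # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def audit(raw):
    """Return {header: 'ok' | 'missing' | 'weak: ...' | 'duplicate: ...'}."""
    headers = parse_headers(raw)
    report = {}
    for name, accept in EXPECTED.items():
        values = headers.get(name)
        if not values:
            report[name] = "missing"
        elif len(values) > 1:
            # Two copies usually mean two layers (e.g. filter and proxy) both set it.
            report[name] = "duplicate: " + " | ".join(values)
        elif accept(values[0].lower()):
            report[name] = "ok"
        else:
            report[name] = "weak: " + values[0]
    return report


# Constructed sample responses (not captured from a real server).
WITH_FILTER = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
               "X-Frame-Options: SAMEORIGIN\r\nX-Content-Type-Options: nosniff\r\n"
               "X-XSS-Protection: 1; mode=block\r\n\r\n<html></html>")
WITHOUT_FILTER = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                  "x-frame-options: ALLOWALL\r\n\r\n<html></html>")

if __name__ == "__main__":
    for label, raw in (("with filter", WITH_FILTER), ("without filter", WITHOUT_FILTER)):
        print(label, audit(raw))
```

Paste the header block from a real response (browser developer tools or a proxy capture) into `audit()` to see which of the three headers the scanner would still flag.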