Hi Frank, have you tried this? https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#http-web-requests

cas.httpWebRequest.header.xss=true

- Andy

On Thursday, 1 August 2019 09:04:34 UTC+8, Francisco Laria Saldaña wrote:
>
> Hi,
>
> We've got an installation of CAS 5.2.4, where we ran some security tests
> and noticed that the login page is allowing XSS. Does anyone know of
> settings or changes that can be made to the login module that can help us
> prevent this vulnerability?
>
> Thanks,
> Frank