Hi, We are using below header to fix the vulnerabilities.
Header set Content-Security-Policy "default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';" But after that application content is getting blocked while accessing it through browser. We have given a try with same header but with different value. Header set Content-Security-Policy "frame-ancestors" Application is able show the content in IE and Firefox but not in chrome. Please suggest a fx immediately. Best Regards [http://marketing.wiprodigital.com/apps/wipro-esig/assets/images/logo-01.jpg]<http://www.wipro.com/> Saikiran M Middleware Administrator | SNXT Operations - Global Service Management Centre Wipro Limited p: 214924 | Toll Free 1800 200 5656 #146/147, Metagalli industrial area, Mysore 570 016 | Karnataka, INDIA [cid:image002.png@01D198BF.43C16BA0] DO BUSINESS BETTER CONSULTING | SYSTEM INTEGRATION | BUSINESS PROCESS SERVICES [cid:image003.png@01D198BF.43C16BA0]<http://www.facebook.com/WiproTechnologies> [cid:image004.png@01D198BF.43C16BA0]<http://twitter.com/Wipro> [cid:image005.png@01D198BF.43C16BA0]<http://www.linkedin.com/company/1318> [cid:image006.png@01D198BF.43C16BA0]<http://www.youtube.com/user/Wiprovideos> The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com
