Thanks, Andy. We'll try that and will let you know if it worked so others can use this answer as well.
On Thursday, August 1, 2019 at 4:58:16 AM UTC-5, Andy Ng wrote: > > Hi Frank, > > have you try this? > > https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#http-web-requests > > cas.httpWebRequest.header.xss=true > > > > - Andy > > On Thursday, 1 August 2019 09:04:34 UTC+8, Francisco Laria Saldaña wrote: >> >> Hi, >> >> We've got an installation of CAS 5.2.4, where we ran some security test >> and noticed that thee login page is allowing XSS, Does anyone know of >> settings or changes that can be made to the login module that can help us >> prevent this vulnerability? >> >> Thanks, >> Frank >> > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/4221d224-c001-4b48-829f-affcb7adaff0%40apereo.org.
