Activities of "Rajasekhar"

It seems CLI 5.1.2 has been updated. When will Suite be available?

Thanks

  • ABP Framework version: v5.0.0
  • UI type: MVC
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): no
  • Exception message and stack trace:
  • Steps to reproduce the issue:

We have deployed the ABP application for security testing and we have got a "CSP header missing" vulnerability.

Please let us know how to configure the server to return the Content Security Policy HTTP header.

Hi,

I can't reproduce the problem, can you share all steps to reproduce it?

We are sending an email in the ExecuteAsync method, so I doubt delay in sending email is triggering it multiple times.

For testing, even if I put a debug point on ExecuteAsync and wait for a couple of seconds before continuing, I'm receiving multiple hits.

Replace means shall I encrypt the data? If I encrypt the AbpServiceproxyScript, may client-server communication cause any issues?

Actually, I need help with both encrypting and decrypting the ServiceProxyScript. If you have any inputs, please let me know.

I want to encrypt this (https://example.com/Abp/ServiceProxyScript) for security reasons. Is it possible?

  • ABP Framework version: v4.4.2
  • UI type: MVC
  • DB provider: EF Core
  • Tiered (MVC): no
  • Exception message and stack trace: As observed, the application discloses the application configuration file to the end user.
  • Steps to reproduce the issue: As observed, the application discloses the application configuration file to the end user.

https://example.com/Abp/ApplicationConfigurationScript

Shall I encrypt this: https://example.com/Abp/ServiceProxyScript?

  • ABP Framework version: v4.4.2
  • UI type: MVC
  • DB provider: EF Core
  • Tiered (MVC): no
  • Exception message and stack trace: Sensitive API endpoints like account-admin revealed in source code
  • Steps to reproduce the issue:

After setting the cookie path, we are not able to log in.

I am getting an error like this:

2021-09-18 19:59:22.135 -07:00 [INF] Antiforgery token validation failed. The required antiforgery cookie ".AspNetCore.Antiforgery.BAuz9xcm0sM" is not present.
Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The required antiforgery cookie ".AspNetCore.Antiforgery.BAuz9xcm0sM" is not present.
   at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.ValidateRequestAsync(HttpContext httpContext)
   at Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.ValidateAntiforgeryTokenAuthorizationFilter.OnAuthorizationAsync(AuthorizationFilterContext context)
2021-09-18 19:59:22.254 -07:00 [INF] Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.AutoValidateAntiforgeryTokenAuthorizationFilter'.
2021-09-18 19:59:22.260 -07:00 [INF] Executing HttpStatusCodeResult, setting HTTP status code 400

Made with ❤️ on ABP v8.2.0-preview Updated on March 25, 2024, 15:11