
Topic

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.
 

 

Instructions 

To disable cross-site scripting, do the following.

  1. Go to C:\Nintex\IDP\Aerobase\Data\nginx\conf.d
  2. Open nginx-security-hardening.import using a text editor
  3. Add the line below:

add_header "X-Frame-Options" "ALLOW-FROM <FQDN>";

  4. Save and close the file
  5. Restart RPA services
  6. Check that the components below are working and that you can log in:
    Aerobase
    Admin
    Studio
    Robot
  7. If the customer asks to disable lower TLS protocol versions (e.g. TLS 1.0 / TLS 1.1), update the following two files:
    Remove tlsv1 and tlsv1.1 from the files aerobase-http.conf and aerobase-subdomains.conf
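
A read-only check for the two configuration changes above, written as an added PowerShell example (not Nintex's own tooling): it reports the active X-Frame-Options values and any TLSv1 / TLSv1.1 entries still listed. It assumes the TLS versions are set with nginx's standard `ssl_protocols` directive; the function name `Test-NginxHardening`, the host name and the sample file contents are constructed for illustration.

```powershell
# Added example. Assumption: TLS versions are set with nginx's ssl_protocols directive.
function Test-NginxHardening {
    param(
        [Parameter(Mandatory)][string]$Name,   # label for the report, e.g. the file name
        [Parameter(Mandatory)][string]$Text    # full contents of the config file
    )
    # Strip comments so a commented-out directive is not reported as active.
    # (Simplification: treats every '#' as a comment start, even inside quotes.)
    $active = ($Text -split '\r?\n' | ForEach-Object { $_ -replace '#.*$', '' }) -join "`n"

    # Every active X-Frame-Options header, with or without quotes around name and value.
    $xfo = [regex]::Matches($active, '(?i)\badd_header\s+["'']?X-Frame-Options["'']?\s+["'']?([^"'';]+)')

    # Legacy protocol tokens still present in any ssl_protocols directive.
    $weak = [System.Collections.Generic.List[string]]::new()
    foreach ($m in [regex]::Matches($active, '(?i)\bssl_protocols\s+([^;]+);')) {
        foreach ($p in ($m.Groups[1].Value.Trim() -split '\s+')) {
            if (($p -in 'TLSv1', 'TLSv1.1') -and ($p -notin $weak)) { $weak.Add($p) }
        }
    }

    [pscustomobject]@{
        File          = $Name
        XFrameOptions = @($xfo | ForEach-Object { $_.Groups[1].Value.Trim() })
        WeakProtocols = $weak.ToArray()
    }
}

# Constructed sample contents, not taken from a real installation.
$hardening = @'
add_header "X-Frame-Options" "ALLOW-FROM rpa.example.test";
'@
$http = @'
server {
    listen 443 ssl;
    # ssl_protocols TLSv1 TLSv1.1 TLSv1.2;   (old line, commented out)
    ssl_protocols TLSv1.1 TLSv1.2;
}
'@

Test-NginxHardening -Name 'nginx-security-hardening.import' -Text $hardening
Test-NginxHardening -Name 'aerobase-http.conf' -Text $http
```

On the server, pass each file's contents with `Get-Content -Raw` as `-Text`; an empty `XFrameOptions` for the hardening file or a non-empty `WeakProtocols` for either TLS file means the corresponding step still needs to be applied.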
     


 

 

 
