Topic
Cross-site scripting (XSS) attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. Flaws that allow these attacks to succeed are widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.
Instructions
To disable cross-site scripting, do the following:
- Go to C:\Nintex\IDP\Aerobase\Data\nginx\conf.d
- Open nginx-security-hardening.import using a text editor
- Insert the line: add_header "X-Frame-Options" "ALLOW-FROM <FQDN>";
- Save and close the file
- Restart RPA services
- Check that the components listed below are working and that you are able to log in:
  - Aerobase
  - Admin
  - Studio
  - Robot
- If a customer asks to disable older TLS protocol versions (e.g. TLS 1.0 / TLS 1.1), update the following two files: remove tlsv1 and tlsv1.1 from aerobase-http.conf and aerobase-subdomains.conf
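
The following check is an added example, not Nintex or Aerobase tooling: it reads nginx configuration text and reports the X-Frame-Options value set by add_header and any tlsv1 / tlsv1.1 entries still enabled. The sample configuration is constructed, and it is an assumption that the two Aerobase files list TLS versions in an nginx ssl_protocols directive.

```python
import re
import sys

# Constructed sample, not copied from a real Aerobase installation.
SAMPLE_CONF = r'''
# hardening include (constructed)
add_header "X-Frame-Options" "ALLOW-FROM rpa.example.com";
server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;  # legacy versions still enabled
    # ssl_protocols TLSv1.2;
}
'''

LEGACY_TLS = {"tlsv1", "tlsv1.1"}  # the two values the page says to remove
# Tokens: quoted strings, comments, block/terminator punctuation, bare words.
TOKEN = re.compile(r'''"[^"]*"|'[^']*'|#[^\n]*|[;{}]|[^\s;{}"'#]+''')


def directives(conf_text):
    """Yield (name, args) for every ';'-terminated directive, ignoring comments."""
    words = []
    for tok in TOKEN.findall(conf_text):
        if tok.startswith("#"):
            continue
        if tok in (";", "{", "}"):
            if tok == ";" and words:
                yield words[0].lower(), [w.strip("\"'") for w in words[1:]]
            words = []
        else:
            words.append(tok)


def audit(conf_text):
    """Return (X-Frame-Options values, legacy TLS versions still enabled)."""
    frame_values, legacy = [], set()
    for name, args in directives(conf_text):
        if name == "add_header" and len(args) >= 2 and args[0].lower() == "x-frame-options":
            frame_values.append(args[1])
        elif name == "ssl_protocols":  # assumed directive, see lead-in
            legacy.update(a for a in args if a.lower() in LEGACY_TLS)
    return frame_values, sorted(legacy)


if __name__ == "__main__":
    # With no arguments, audit the constructed sample; otherwise audit each file given.
    texts = {p: open(p, encoding="utf-8").read() for p in sys.argv[1:]} or {"sample": SAMPLE_CONF}
    for label, text in texts.items():
        frames, legacy = audit(text)
        print(f"{label}: X-Frame-Options={frames or 'MISSING'} legacy TLS={legacy or 'none'}")
```

Pass the paths of nginx-security-hardening.import, aerobase-http.conf and aerobase-subdomains.conf as arguments to audit the edited files before restarting the services.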