Question
Sun Life Financial Company
CA
Posted: Nov 4, 2020
Last activity: Nov 4, 2020
Last activity: 4 Nov 2020 15:30 EST
Closed
Cross Site Websocket Hijacking security issue
Hi,
We got Cross Site Websocket Hijacking issue flagged in vulnerability scan on prpushservlet. We have disabled it using below DSS. Is this sufficient to secure websockets or do we need to use CSRF?
- prconfig/operatorpresence/enabled/default
- prconfig/server-push/enabled/default
***Edited by Moderator Marissa to update Support Case Details***
To see attachments, please log in.