Symptom
How to enable Browser Side Cross Site Scripting Protections in SAP SuccessFactors Learning
Environment
SAP SuccessFactors Learning
Resolution
What is XSS?
--> Cross-Site Scripting (XSS) is a common injection attack against web applications: attacker-controlled input is reflected or stored into a page without proper output encoding, so the attacker's script executes in the victim's browser in the security context of the vulnerable site, with access to its session, cookies and page content. The browser-side XSS filter header covered by this KBA is a defence-in-depth control against reflected XSS only; it does not replace output encoding or a Content Security Policy, and current Chromium-based browsers no longer implement the filter (Firefox never did), so treat it as low-cost hardening rather than as the primary protection.
What is CSRF?
--> Cross-Site Request Forgery (CSRF) is a type of attack that occurs when a malicious web site, email, blog, instant message, or program causes a user's web browser to perform an unwanted action on a trusted site for which the user is currently authenticated. The impact of a successful CSRF attack is limited to the capabilities exposed by the vulnerable application; for example, it could result in a transfer of funds, a password change, or a purchase made in the user's context. In effect, CSRF lets an attacker make the target system perform a function through the victim's browser without the victim's knowledge, at least until the unauthorized action has been committed. Note that the browser-side XSS filter header does not mitigate CSRF; CSRF needs its own defences, such as anti-CSRF tokens on state-changing requests and SameSite cookie attributes.
Enabling Browser Side Cross Site Scripting Protections in SAP SuccessFactors Learning.
--> Go to SAP SuccessFactors Learning Administration and then go to System Admin > Configuration > System Configuration.
--> Edit WEB_SECURITY.
--> Set browserXSSFilterHeader.enabled to true.
--> If particular URLs should not receive the header, list them in browserXSSFilterHeader.excludeURI.
--> Click Apply Changes.
--> To verify, load a Learning page and inspect the response headers in the browser developer tools (Network tab) or with a command-line HTTP client; responses for excluded URIs should not carry the header.
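The following script is an added verification example for the procedure above; it is not SAP code. It models the two WEB_SECURITY settings as a small Python object and audits HTTP response headers against them, so an administrator can confirm the change took effect and that excluded URIs are really excluded. Three things in it are assumptions made for illustration: that browserXSSFilterHeader.enabled controls the X-XSS-Protection response header, that browserXSSFilterHeader.excludeURI entries are matched as URL path prefixes, and the sample paths and responses in SAMPLES, which are constructed rather than captured from a real tenant.

```python
"""Audit the browser-side XSS filter header after enabling it in SAP SuccessFactors Learning.

Added example, not SAP code. Assumptions (for illustration only):
  - browserXSSFilterHeader.enabled controls the X-XSS-Protection response header;
  - browserXSSFilterHeader.excludeURI entries are matched as URL path prefixes;
  - the paths and response headers in SAMPLES are constructed, not captured from a tenant.
"""
from __future__ import annotations

import sys
import urllib.request
from dataclasses import dataclass, field

HEADER = "x-xss-protection"  # compared case-insensitively


@dataclass
class WebSecurity:
    """The two WEB_SECURITY settings from the KBA, as a plain Python object."""
    enabled: bool = False                                 # browserXSSFilterHeader.enabled
    exclude_uri: list[str] = field(default_factory=list)  # browserXSSFilterHeader.excludeURI

    def header_expected(self, path: str) -> bool:
        """True when the header should be present for this path (prefix match is an assumption)."""
        if not self.enabled:
            return False
        return not any(path.startswith(prefix) for prefix in self.exclude_uri)


def classify(headers: dict[str, str]) -> str:
    """Map an X-XSS-Protection value to a state: missing, disabled, filter, block or invalid."""
    value = next((v for k, v in headers.items() if k.lower() == HEADER), None)
    if value is None:
        return "missing"
    tokens = [t.strip().lower() for t in value.split(";") if t.strip()]
    if not tokens:
        return "invalid"
    if tokens[0] == "0":
        return "disabled"  # filter explicitly switched off
    if tokens[0] == "1":
        # "1" alone asks the browser to sanitise the page; "1; mode=block" makes it
        # refuse to render instead, which is the value normally wanted.
        return "block" if "mode=block" in tokens[1:] else "filter"
    return "invalid"


def audit(path: str, headers: dict[str, str], cfg: WebSecurity) -> str:
    """Compare what a response carries with what the configuration says it should carry."""
    state = classify(headers)
    if cfg.header_expected(path):
        if state == "block":
            return "ok"
        if state == "filter":
            return "weak"      # present, but without mode=block
        if state == "invalid":
            return "invalid"
        return "missing"       # absent, or "0", where the config says it should be on
    # Path excluded or feature disabled: the header should not be there at all.
    return "ok" if state == "missing" else "unexpected"


def fetch_headers(url: str, timeout: float = 10.0) -> dict[str, str]:
    """HEAD request against a live tenant. Run only against systems you are authorised to test."""
    req = urllib.request.Request(url, method="HEAD")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return dict(resp.headers.items())


# Constructed configuration and responses (not from a real tenant).
CONFIG = WebSecurity(enabled=True, exclude_uri=["/learning/api/"])
SAMPLES: dict[str, dict[str, str]] = {
    "/learning/user/": {"Content-Type": "text/html", "X-XSS-Protection": "1; mode=block"},
    "/learning/admin/": {"Content-Type": "text/html", "x-xss-protection": "1"},
    "/learning/api/items": {"Content-Type": "application/json"},
    "/learning/catalog": {"Content-Type": "text/html"},
}


def run_audit(cfg: WebSecurity = CONFIG, samples: dict[str, dict[str, str]] = SAMPLES) -> dict[str, str]:
    """Audit every sample response and return {path: verdict}."""
    return {path: audit(path, headers, cfg) for path, headers in samples.items()}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Live mode: python audit_xss_header.py https://<tenant>/learning/user/
        url = sys.argv[1]
        path = "/" + url.split("/", 3)[3] if url.count("/") >= 3 else "/"
        print(path, audit(path, fetch_headers(url), CONFIG))
    else:
        for path, verdict in run_audit().items():
            print(f"{verdict:<10} {path}")
```

Run without arguments to see the verdicts for the constructed samples; pass a tenant URL to audit a live response instead. The "weak" verdict is deliberate: a bare "1" value asks older browsers to rewrite the page rather than block it, which is the behaviour that made the filter itself a source of side-channel problems, so "1; mode=block" is the value to look for.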
Also refer to the KBA below for more information.
Keywords
browserXSSFilterHeader.enabled , WEB_SECURITY , XSS , CSRF , Cross-Site Request Forgery (CSRF) , KBA , LOD-SF-LMS-COR , LMS Core - Items, Catalog, Curricula , Problem