SAP Knowledge Base Article - Public

2721970 - Enabling Browser Side Cross Site Scripting Protections in SAP SuccessFactors Learning.


How to enable Browser Side Cross Site Scripting Protections in SAP SuccessFactors Learning


SAP SuccessFactors Learning


What is XSS?

--> XSS is a common attack against a web-based application that allows an attacker to execute code on the vulnerable website.

What is CSRF?

--> Cross-Site Request Forgery (CSRF) is a type of attack that occurs when a malicious Web site, email, blog, instant message, or program causes a user’s Web browser to perform an unwanted action on a trusted site for which the user is currently authenticated. The impact of a successful cross-site request forgery attack is limited to the capabilities exposed by the vulnerable application. For example, this attack could result in a transfer of funds, changing a password, or purchasing an item in the user's context. In affect, CSRF attacks are used by an attacker to make a target system perform a function via the target's browser without knowledge of the target user, at least until the unauthorized function has been committed.

Enabling Browser Side Cross Site Scripting Protections in SAP SuccessFactors Learning.

--> Go to SAP SuccessFactors Learning Administration and then go to  System Admin > Configuration  > System Configuration .
--> Set browserXSSFilterHeader.enabled to true.
--> If you want to exclude any URL from sending the header, add them in browserXSSFilterHeader.excludeURI.
Click Apply Changes.

Also refer below KBA for more information.


browserXSSFilterHeader.enabled , WEB_SECURITY , XSS , CSRF , Cross-Site Request Forgery (CSRF) , Cross-Site. , KBA , LOD-SF-LMS-COR , LMS Core - Items, Catalog, Curricula , Problem


SAP SuccessFactors Learning all versions