PCI Compliant

Question

Hello,
We are are trying to make a pci compliant website with odoo community 11, in particular we are getting a vulnerability issue, with a Saint scan software when it tries to execute index.jsp (wich of course doesn't exists in Odoo), Odoo webserver response with Javascript code (here a fragment):

Sent: GET /web/content/1715-456fe75/index.JSP
_.isFunction(value)?value.call(object):value;};var idCounter=0;_.uniqueId=function(prefix){var
id=++idCounter+'';return prefix?prefix+id:id;};_.templateS

Ravi Gadhia · Answer

odoo minify all the js and css content and stored in a database and generate unique/hash URL starts with /web/content/XXX/assets and server it WebClient as static assets. sadly it didn't check file extraction resource request.
even GET /web/content/1715-456fe75/index.sucks  # it also accessible :)
so here you have two options
1) configure Nginx and block all the request url start with /web/content and end with an unknown extension (allow only .js, .css. and image extension)
2)  https://github.co

Publicaciones relacionadas	Respuestas	Vistas
Don't render code inside <code></code> blocks Resuelto code html website	2 oct 19	3787
QWeb view - insert <form> and <t> code problem code qweb website_builder website	2 ago 19	4246
How to add html code in html field command editor in odoo 15? Resuelto code html command website commandeditor	1 mar 23	14663
How to make "add to cart" buttons and quantity outside shop/product page code ecommerce website cart odoo16features	0 dic 22	3846
How to Hide website Menus based on Groups website	2 ago 25	582

Se marcó esta pregunta

¿Le interesa esta conversación? ¡Participe en ella!