PCI Compliant

Question

Hello,
We are are trying to make a pci compliant website with odoo community 11, in particular we are getting a vulnerability issue, with a Saint scan software when it tries to execute index.jsp (wich of course doesn't exists in Odoo), Odoo webserver response with Javascript code (here a fragment):

Sent: GET /web/content/1715-456fe75/index.JSP
_.isFunction(value)?value.call(object):value;};var idCounter=0;_.uniqueId=function(prefix){var
id=++idCounter+'';return prefix?prefix+id:id;};_.templateS

Ravi Gadhia · Answer

odoo minify all the js and css content and stored in a database and generate unique/hash URL starts with /web/content/XXX/assets and server it WebClient as static assets. sadly it didn't check file extraction resource request.
even GET /web/content/1715-456fe75/index.sucks  # it also accessible :)
so here you have two options
1) configure Nginx and block all the request url start with /web/content and end with an unknown extension (allow only .js, .css. and image extension)
2)  https://github.co

Related Posts	Replies	Views
Don't render code inside <code></code> blocks Solved code html website	2 Oct 19	2644
QWeb view - insert <form> and <t> code problem code qweb website_builder website	2 Aug 19	3340
How to add html code in html field command editor in odoo 15? Solved code html command website commandeditor	1 Mar 23	11843
How to make "add to cart" buttons and quantity outside shop/product page code ecommerce website cart odoo16features	0 Dec 22	2362
how to set the default web site ? Solved website	5 Dec 24	7003

This question has been flagged

Enjoying the discussion? Don't just read, join in!