PCI Compliant

Question

Hello,
We are are trying to make a pci compliant website with odoo community 11, in particular we are getting a vulnerability issue, with a Saint scan software when it tries to execute index.jsp (wich of course doesn't exists in Odoo), Odoo webserver response with Javascript code (here a fragment):

Sent: GET /web/content/1715-456fe75/index.JSP
_.isFunction(value)?value.call(object):value;};var idCounter=0;_.uniqueId=function(prefix){var
id=++idCounter+'';return prefix?prefix+id:id;};_.templateS

Ravi Gadhia · Answer

odoo minify all the js and css content and stored in a database and generate unique/hash URL starts with /web/content/XXX/assets and server it WebClient as static assets. sadly it didn't check file extraction resource request.
even GET /web/content/1715-456fe75/index.sucks  # it also accessible :)
so here you have two options
1) configure Nginx and block all the request url start with /web/content and end with an unknown extension (allow only .js, .css. and image extension)
2)  https://github.co

Related Posts	Replies	Views
Don't render code inside <code></code> blocks Solved code html website	2 अक्तू॰ 19	3782
QWeb view - insert <form> and <t> code problem code qweb website_builder website	2 अग॰ 19	4245
How to add html code in html field command editor in odoo 15? Solved code html command website commandeditor	1 मार्च 23	14661
How to make "add to cart" buttons and quantity outside shop/product page code ecommerce website cart odoo16features	0 दिस॰ 22	3842
How to Hide website Menus based on Groups website	2 अग॰ 25	574

This question has been flagged

Enjoying the discussion? Don't just read, join in!