{"id":1679,"date":"2024-05-08T17:36:21","date_gmt":"2024-05-08T09:36:21","guid":{"rendered":"http:\/\/oneai.eu.org\/?p=1679"},"modified":"2024-05-08T17:36:21","modified_gmt":"2024-05-08T09:36:21","slug":"appscan%e5%b8%b8%e8%a7%81%e6%bc%8f%e6%b4%9e%e4%bf%ae%e5%a4%8d","status":"publish","type":"post","link":"https:\/\/oneai.eu.org\/?p=1679","title":{"rendered":"appscan\u5e38\u89c1\u6f0f\u6d1e\u4fee\u590d"},"content":{"rendered":"
https:\/\/www.cnblogs.com\/toughlife\/p\/5469798.html\n\nIBM AppScan \u5b89\u5168\u6f0f\u6d1e\u95ee\u9898\u4fee\u590d\uff08.net\uff09\n\u6309\u95ee\u9898\u7c7b\u578b\u5206\u7c7b\u7684\u95ee\u9898\n\u4f7f\u7528 SQL \u6ce8\u5165\u7684\u8ba4\u8bc1\u65c1\u8def2\n\u5df2\u89e3\u5bc6\u7684\u767b\u5f55\u8bf7\u6c423\n\u767b\u5f55\u9519\u8bef\u6d88\u606f\u51ed\u8bc1\u679a\u4e3e1\n\u4f1a\u8bdd\u6807\u8bc6\u672a\u66f4\u65b02\n\u8de8\u7ad9\u70b9\u8bf7\u6c42\u4f2a\u90201\nMissing "Content-Security-Policy" header 9\nMissing "X-Content-Type-Options" header 9\nMissing "X-XSS-Protection" header 9\n\u67e5\u8be2\u4e2d\u63a5\u53d7\u7684\u4e3b\u4f53\u53c2\u65701\n\u542f\u7528\u4e86 Microsoft ASP.NET \u8c03\u8bd52\n\u7f3a\u5c11\u8de8\u5e27\u811a\u672c\u7f16\u5236\u9632\u5fa11\n\u5df2\u89e3\u5bc6\u7684 __VIEWSTATE \u53c2\u65701\n\u68c0\u6d4b\u5230\u5e94\u7528\u7a0b\u5e8f\u6d4b\u8bd5\u811a\u672c1\n\u5e94\u7528\u7a0b\u5e8f\u9519\u8bef9\n\u6574\u6570\u6ea2\u51fa3\n\u95ee\u9898\u4fee\u590d \n1\uff0e\u4f7f\u7528 SQL \u6ce8\u5165\u7684\u8ba4\u8bc1\u65c1\u8def\n\n\u7b54\uff1a \u767b\u5f55\u3001\u6ce8\u518c\u9875\u9762\u8f93\u5165\u4fe1\u606f\uff0c\u8fc7\u6ee4sql\u5173\u952e\u5b57\u6216\u5173\u952e\u5b57\u7b26\uff1b\n\n\u63d0\u4ea4\u8868\u5355\u9875\u9762\u3001\u67e5\u8be2\u9875\u9762\u7684\u8f93\u5165\u9879\uff0c\u8fc7\u6ee4sql\u5173\u952e\u5b57\u6216\u5173\u952e\u5b57\u7b26\u3002\n\n\/\/ \u5173\u952e\u5b57\n\nstring StrKeyWord = @"select|insert|delete|from|count\\(|drop table|update|truncate|asc\\(|mid\\(|char\\(|xp_cmdshell|exec master|netlocalgroup administrators|:|net user|""|or|and";\n\n\/\/\u5173\u952e\u5b57\u7b26\n\nstring StrRegex = @"[-|;|,|\/|\\(|\\)|\\[|\\]|}|{|%|\\@|*|!|']";\n\n2\uff0e\u5df2\u89e3\u5bc6\u7684\u767b\u5f55\u8bf7\u6c42\n\n\u7b54\uff1a\u4e00\u79cd\u8bf4\u6cd5\u662f\u4f7f\u7528SSL\u8bc1\u4e66\uff0c\u6682\u65f6\u6ca1\u6709\u89e3\u51b3\u3002\n\n3\uff0e\u767b\u5f55\u9519\u8bef\u6d88\u606f\u51ed\u8bc1\u679a\u4e3e\n\n\u7b54\uff1a\u7528\u6237\u767b\u5f55\u65f6\uff0c\u5982\u679c\u8f93\u5165\u9519\u8bef\u7684\u7528\u6237\u4fe1\u606f\uff0c\u6700\u597d\u63d0\u793a\u540c\u4e00\u4e2a\u9519\u8bef\u6d88\u606f\u63d0\u9192\uff0c\u6bd4\u5982\uff1a\u4f60\u7684\u7528\u6237\u540d\u6216\u5bc6\u7801\u8f93\u5165\u9519\u8bef\u3002\u63d0\u4f9b\u679a\u4e3e\u63d0\u793a\uff0c\u5bb9\u6613\u88ab\u66b4\u529b\u7834\u89e3\u3002\n\n4\uff0e\u4f1a\u8bdd\u6807\u8bc6\u672a\u66f4\u65b0\n\n\u7b54\uff1a\u767b\u5f55\u4e4b\u540e\u66f4\u6539\u4f1a\u8bdd\u6807\u8bc6\u7b26\uff0c\u4e3b\u8981\u7528\u4e8e\u767b\u5f55\u9875\u9762\u3002\n\n\u53c2\u8003\u65b9\u6848\uff1a http:\/\/www.2cto.com\/Article\/201302\/190228.html \u6d4b\u8bd5\u6ca1\u6709\u6548\u679c\n\nhttp:\/\/blog.itpub.net\/12639172\/viewspace-441971\/ \u6d4b\u8bd5ok\n\n\u5728\u767b\u5f55\u9875\u9762\uff0c\u6dfb\u52a0\u7ea2\u7ebf\u52a0\u7c97\u90e8\u5206\n\nprotected void Page_Load(object sender, EventArgs e)\n\n{\n\nif (!IsPostBack)\n\n{\n\nSession.Abandon();\n\n\/\/\u6e05\u9664SessionId\n\nResponse.Cookies.Add(new HttpCookie("ASP.NET_SessionId", ""));\n\ntxt_Fileld1.Focus();\n\n}\n\n}\n\n5\uff0e\u8de8\u7ad9\u70b9\u8bf7\u6c42\u4f2a\u9020\n\n\u7b54\uff1a\u6bcf\u4e2a\u9875\u9762\u8bf7\u6c42\u65f6\uff0c\u5224\u65ad\u4e3b\u673a\u548c\u7aef\u53e3\u4e0e\u914d\u7f6e\u6587\u4ef6\u4fe1\u606f\u662f\u5426\u4e00\u81f4\u3002\n\n\u7f51\u4e0a\u53c2\u8003\u65b9\u6cd5\uff1a\n\n1\uff0c\u5229\u7528referer\u5224\u65ad\uff0c\n\n\u4f46\u662f\u7528\u6237\u6709\u53ef\u80fd\u8bbe\u7f6e\u6d4f\u89c8\u5668\u4f7f\u5176\u5728\u53d1\u9001\u8bf7\u6c42\u65f6\u4e0d\u63d0\u4f9b Referer\uff0c\u8fd9\u6837\u7684\u7528\u6237\u4e5f\u5c06\u4e0d\u80fd\u8bbf\u95ee\u7f51\u7ad9\u3002\n\n2\uff0c\u5728\u8bf7\u6c42\u4e2d\u6dfb\u52a0 token \u5e76\u9a8c\u8bc1\n\n\u5173\u952e\u5728\u4e8e\u5728\u8bf7\u6c42\u4e2d\u653e\u5165\u9ed1\u5ba2\u6240\u4e0d\u80fd\u4f2a\u9020\u7684\u4fe1\u606f\uff0c\u5e76\u4e14\u8be5\u4fe1\u606f\u4e0d\u5b58\u5728\u4e8e cookie \u4e4b\u4e2d\uff0c\n\n\u53ef\u4ee5\u5728\u670d\u52a1\u5668\u7aef\u751f\u6210\u4e00\u4e2a\u968f\u673a\u7801\uff0c\u7136\u540e\u653e\u5728form\u7684hidden\u5143\u7d20\u4e2d\uff0cform\u63d0\u4ea4\u7684\u65f6\u5019\u5728\u670d\u52a1\u5668\u7aef\u68c0\u67e5\u3002\n\n6\uff0eMissing "Content-Security-Policy" header\n\n\u7b54\uff1a \u5728web.config \u914d\u7f6e\u6587\u4ef6\u4e2d\u6dfb\u52a0\u5982\u4e0b\u54cd\u5e94\u5934\n\n<system.webServer>\n\n<httpProtocol>\n\n<customHeaders>\n\n<add name="X-Content-Type-Options" value="nosniff"\/>\n\n<add name="X-XSS-Protection" value="1;mode=block"\/>\n\n<add name="X-Frame-Options" value="SAMEORIGIN"\/>\n\n<add name="Content-Security-Policy" value="default-src 'self'"\/>\n\n<\/customHeaders>\n\n<\/httpProtocol>\n\n<\/system.webServer>\n\n7\uff0eMissing "X-Content-Type-Options" header\n\n\u7b54\uff1a \u5728web.config \u914d\u7f6e\u6587\u4ef6\u4e2d\u6dfb\u52a0\u5982\u4e0b\u54cd\u5e94\u5934\uff0c\u6dfb\u52a0\u8282\u70b9\u89c1 \u7b2c6 \u4e2a\u95ee\u9898\n\n<add name="X-Content-Type-Options" value="nosniff"\/>\n\n8\uff0eMissing "X-XSS-Protection" header\n\n\u7b54\uff1a \u5728web.config \u914d\u7f6e\u6587\u4ef6\u4e2d\u6dfb\u52a0\u5982\u4e0b\u54cd\u5e94\u5934\uff0c\u6dfb\u52a0\u8282\u70b9\u89c1 \u7b2c6 \u4e2a\u95ee\u9898<add name="X-XSS-Protection" value="1;mode=block"\/>\n\n9\uff0e\u67e5\u8be2\u4e2d\u63a5\u53d7\u7684\u4e3b\u4f53\u53c2\u6570\n\n\u7b54\uff1a\u672a\u89e3\u51b3\n\n10\uff0e\u542f\u7528\u4e86 Microsoft ASP.NET \u8c03\u8bd5\n\n\u7b54\uff1a\u5e94\u7528\u7a0b\u5e8f\u53d1\u5e03\u540e\uff0c\u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u8282\u70b9compilation \u7684\u5c5e\u6027 debug\u4e3a false\u3002<compilation debug="false" targetFramework="4.0"\/>\n\n11\uff0e\u7f3a\u5c11\u8de8\u5e27\u811a\u672c\u7f16\u5236\u9632\u5fa1\n\n\u7b54\uff1a\u5728web.config \u914d\u7f6e\u6587\u4ef6\u4e2d\u6dfb\u52a0\u5982\u4e0b\u54cd\u5e94\u5934\uff0c\u6dfb\u52a0\u8282\u70b9\u89c1 \u7b2c6 \u4e2a\u95ee\u9898<add name="Content-Security-Policy" value="default-src 'self'"\/>\n\n\u6ce8\u610f\uff0c\u6dfb\u52a0\u4e4b\u540e\uff0c\u53ef\u80fd\u4f1a\u51fa\u73b0\u4e0d\u540c\u6d4f\u89c8\u5668\uff0c\u51fa\u73b0\u517c\u5bb9\u6027\u95ee\u9898\uff0c\u4f1a\u6709\u4e0d\u540c\u7684\u53cd\u5e94\u3002\u6bd4\u5982\uff0c\u6781\u901f\u6a21\u5f0f\u4f1a\u51fa\u73b0\u9875\u9762\u5185\u90e8css\u65e0\u6548\u3002\n\n12\uff0e\u5df2\u89e3\u5bc6\u7684 __VIEWSTATE \u53c2\u6570\n\n\u7b54\uff1a\u5728web.config \u914d\u7f6e\u6587\u4ef6\u4e2d\u6dfb\u52a0 pages \u7684\u5c5e\u6027viewStateEncryptionMode \u4e3aAlways\u3002<pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID" viewStateEncryptionMode="Always" \/>\n\n13\uff0e\u68c0\u6d4b\u5230\u5e94\u7528\u7a0b\u5e8f\u6d4b\u8bd5\u811a\u672c\n\n\u7b54\uff1a \u5728\u7cfb\u7edf\u5f00\u53d1\u8fc7\u7a0b\u4e2d\uff0c\u6dfb\u52a0\u7684\u6d4b\u8bd5\u9875\u9762\uff0c\u5728\u7a0b\u5e8f\u53d1\u5e03\u524d\u9700\u8981\u201c\u4ece\u9879\u76ee\u4e2d\u6392\u9664\u201d\u540e\u518d\u53d1\u5e03\u3002\n\n14\uff0e\u5e94\u7528\u7a0b\u5e8f\u9519\u8bef\n\n\u7b54\uff1a\u51fa\u73b0\u5e94\u7528\u7a0b\u5e8f\u9519\u8bef\u9875\u9762\u3002\u5982 \uff1aServer Error in '\/' Application.\n\n\u4e00\u662f\u89e3\u51b3\u5c5e\u4e8e\u5f00\u53d1\u4eba\u5458\u7684\u5e94\u7528\u7a0b\u5e8f\u9519\u8bef\u95ee\u9898\uff0c\u4e8c\u662f\u5728\u914d\u7f6e\u6587\u4ef6\u6dfb\u52a0\u9ed8\u8ba4\u51fa\u9519\u9875\u9762\n\n<customErrors mode="On" defaultRedirect="~\/error.html" \/>15\uff0e\u6574\u6570\u6ea2\u51fa\n\n\u7b54\uff1a\u60c5\u51b5\u4e00\uff1a\u9488\u5bf9\u8bf7\u6c42\u7684url\u4e2d\u7684\u53c2\u6570\uff0c \u68c0\u67e5\u5176\u6570\u636e\u7c7b\u578b\u53ca\u8fb9\u754c\u8303\u56f4\u3002\n\n\u5982 \/ApplyShow.aspx?id=99999999999999999999\n\n\u60c5\u51b5\u4e8c\uff1a\u767b\u5f55\u9875\u9762\u6309\u94ae\u53c2\u6570\uff0c\u5728\u8bf7\u6c42\u6b63\u6587\u91cc\uff0c\u672a\u627e\u5230\u539f\u56e0\uff1f\uff1f\uff1f\n\nhttp:\/\/localhost:83\/login.aspx \u5b9e\u4f53\uff1a ImgbtnDl.y (Parameter)\n\n16\uff0eWebResource.axd\n\nWebResources.axd?d=xyz\u3002WebResource.axd\u6709\u4e00\u4e2a\u7279\u70b9\uff0c\u4fbf\u662f\u4f1a\u5bf9\u9519\u8bef\u7684\u5bc6\u6587\uff08\u5373d=xyz\u4e2d\u7684xyz\uff09\u4ea7\u751f500\u9519\u8bef\uff0c\u800c\u5bf9\u6b63\u786e\u7684\u5bc6\u6587\u4ea7\u751f404\u9519\u8bef\uff0c\u8fd9\u4fbf\u5f62\u6210\u4e86\u8db3\u591f\u7684\u63d0\u793a\n\n\u53c2\u8003\u8d44\u6599\uff1ahttp:\/\/www.2cto.com\/Article\/201009\/75162.html\n\nhttp:\/\/pan.baidu.com\/share\/link?shareid=3851057069&uk=2164275402\n\nhttp:\/\/www.cnblogs.com\/JeffreyZhao\/archive\/2010\/09\/25\/things-about-padding-oracle-vulnerability-in-asp-net.html\n\nhttp:\/\/www.cnblogs.com\/shanyou\/archive\/2010\/09\/25\/1834889.html Padding Oracle Attack \u68c0\u6d4b\u5de5\u5177\n\n\u89e3\u51b3\u65b9\u6cd5\uff1a http:\/\/www.cnblogs.com\/shanyou\/archive\/2010\/09\/24\/1833757.html  \u4e2d\u6587\u7248http:\/\/weblogs.asp.net\/scottgu\/important-asp-net-security- vulnerability   \u82f1\u6587\u7248\n\n1.\u6dfb\u52a0\u914d\u7f6e\u8282\u70b9\n\n.net 3.5 \u53ca\u4ee5\u524d\u7248\u672c\uff0c\u6dfb\u52a0\u914d\u7f6e\u8282\u70b9\n\n<customErrors mode="On" defaultRedirect="~\/error.html" \/>\n\n.net 3.5 SP1 \u6216 .net 4.0\u6dfb\u52a0\u5982\u4e0b\u914d\u7f6e\u8282\u70b9\uff0c\u6ce8\u610f\u52a0\u7c97\u90e8\u5206\u5fc5\u987b\n\n<customErrors mode="On" defaultRedirect="~\/error.aspx" redirectMode="ResponseRewrite" \/>\n\n2.\u6dfb\u52a0\u9ed8\u8ba4\u9519\u8bef\u9875\u9762\n\n<%@ Page Language="C#" AutoEventWireup="true" %>\n<%@ Import Namespace="System.Security.Cryptography" %>\n<%@ Import Namespace="System.Threading" %>\n<script runat="server">\n   void Page_Load() {\n    byte[] delay = new byte[1];\n    RandomNumberGenerator prng = new RNGCryptoServiceProvider();\n    prng.GetBytes(delay);\n    Thread.Sleep((int)delay[0]);\n    IDisposable disposable = prng as IDisposable;\n    if (disposable != null) { disposable.Dispose(); }\n  }\n<\/script>\n<html>\n<head runat="server">\n  <title>Error<\/title>\n<\/head>\n<body>\n  <div>\n    An error occurred while processing your request.\n  <\/div>\n<\/body>\n<\/html>\n\u5982\u679c\u8c01\u6709\u66f4\u597d\u7684\u89e3\u51b3\u65b9\u6cd5 \uff0c\u8c22\u8c22\u63d0\u4f9b\uff01\n\n\u8f6c\u8f7d\u81ea\uff1ahttp:\/\/www.tuicool.com\/articles\/Ajqa2uj\n<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"
https:\/\/www.cnblogs.com\/toughlife\/p\/5469798.html IBM AppScan \u5b89\u5168\u6f0f\u6d1e\u95ee\u9898\u4fee\u590d\uff08.net\uff09 \u6309\u95ee\u9898\u7c7b\u578b\u5206\u7c7b\u7684\u95ee\u9898 \u4f7f\u7528 SQL \u6ce8\u5165\u7684\u8ba4\u8bc1\u65c1\u8def2 \u5df2\u89e3\u5bc6\u7684\u767b\u5f55\u8bf7\u6c423 \u767b\u5f55\u9519\u8bef\u6d88\u606f\u51ed\u8bc1\u679a\u4e3e1 \u4f1a\u8bdd\u6807\u8bc6\u672a\u66f4\u65b02 \u8de8\u7ad9\u70b9\u8bf7\u6c42\u4f2a\u90201 Missing "Content-Security-Policy" header 9 Missing "X-Content-Type-Options" header 9 Missing "X-XSS-Protection" header 9 \u67e5\u8be2\u4e2d\u63a5\u53d7\u7684\u4e3b\u4f53\u53c2\u65701 \u542f\u7528\u4e86 Microsoft ASP.NET \u8c03\u8bd52 \u7f3a\u5c11\u8de8\u5e27\u811a\u672c\u7f16\u5236\u9632\u5fa11 \u5df2\u89e3\u5bc6\u7684 __VIEWSTATE \u53c2\u65701 \u68c0\u6d4b\u5230\u5e94\u7528\u7a0b\u5e8f\u6d4b\u8bd5\u811a\u672c1 \u5e94\u7528\u7a0b\u5e8f\u9519\u8bef9 \u6574\u6570\u6ea2\u51fa3 \u95ee\u9898\u4fee\u590d 1\uff0e\u4f7f\u7528 SQL \u6ce8\u5165\u7684\u8ba4\u8bc1\u65c1\u8def \u7b54\uff1a \u767b\u5f55\u3001\u6ce8\u518c\u9875\u9762\u8f93\u5165\u4fe1\u606f\uff0c\u8fc7\u6ee4sql\u5173\u952e\u5b57\u6216\u5173\u952e\u5b57\u7b26\uff1b \u63d0\u4ea4\u8868\u5355\u9875\u9762\u3001\u67e5\u8be2\u9875\u9762\u7684\u8f93\u5165\u9879\uff0c\u8fc7\u6ee4sql\u5173\u952e\u5b57\u6216\u5173\u952e\u5b57\u7b26\u3002 \/\/ \u5173\u952e\u5b57 string StrKeyWord = @"select|insert|delete|from|count\\(|drop table|update|truncate|asc\\(|mid\\(|char\\(|xp_cmdshell|exec master|netlocalgroup administrators|:|net user|""|or|and"; \/\/\u5173\u952e\u5b57\u7b26 string StrRegex = @"[-|;|,|\/|\\(|\\)|\\[|\\]|}|{|%|\\@|*|!|']"; 2\uff0e\u5df2\u89e3\u5bc6\u7684\u767b\u5f55\u8bf7\u6c42 \u7b54\uff1a\u4e00\u79cd\u8bf4\u6cd5\u662f\u4f7f\u7528SSL\u8bc1\u4e66\uff0c\u6682\u65f6\u6ca1\u6709\u89e3\u51b3\u3002 3\uff0e\u767b\u5f55\u9519\u8bef\u6d88\u606f\u51ed\u8bc1\u679a\u4e3e \u7b54\uff1a\u7528\u6237\u767b\u5f55\u65f6\uff0c\u5982\u679c\u8f93\u5165\u9519\u8bef\u7684\u7528\u6237\u4fe1\u606f\uff0c\u6700\u597d\u63d0\u793a\u540c\u4e00\u4e2a\u9519\u8bef\u6d88\u606f\u63d0\u9192\uff0c\u6bd4\u5982\uff1a\u4f60\u7684\u7528\u6237\u540d\u6216\u5bc6\u7801\u8f93\u5165\u9519\u8bef\u3002\u63d0\u4f9b\u679a\u4e3e\u63d0\u793a\uff0c\u5bb9\u6613\u88ab\u66b4\u529b\u7834\u89e3\u3002 4\uff0e\u4f1a\u8bdd\u6807\u8bc6\u672a\u66f4\u65b0 \u7b54\uff1a\u767b\u5f55\u4e4b\u540e\u66f4\u6539\u4f1a\u8bdd\u6807\u8bc6\u7b26\uff0c\u4e3b\u8981\u7528\u4e8e\u767b\u5f55\u9875\u9762\u3002 \u53c2\u8003\u65b9\u6848\uff1a http:\/\/www.2cto.com\/Article\/201302\/190228.html \u6d4b\u8bd5\u6ca1\u6709\u6548\u679c http:\/\/blog.itpub.net\/12639172\/viewspace-441971\/ \u6d4b\u8bd5ok \u5728\u767b\u5f55\u9875\u9762\uff0c\u6dfb\u52a0\u7ea2\u7ebf\u52a0\u7c97\u90e8\u5206 protected void Page_Load(object sender, EventArgs e) { if (!IsPostBack) { Session.Abandon(); \/\/\u6e05\u9664SessionId Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", "")); txt_Fileld1.Focus(); } } 5\uff0e\u8de8\u7ad9\u70b9\u8bf7\u6c42\u4f2a\u9020 \u7b54\uff1a\u6bcf\u4e2a\u9875\u9762\u8bf7\u6c42\u65f6\uff0c\u5224\u65ad\u4e3b\u673a\u548c\u7aef\u53e3\u4e0e\u914d\u7f6e\u6587\u4ef6\u4fe1\u606f\u662f\u5426\u4e00\u81f4\u3002 \u7f51\u4e0a\u53c2\u8003\u65b9\u6cd5\uff1a 1\uff0c\u5229\u7528referer\u5224\u65ad\uff0c \u4f46\u662f\u7528\u6237\u6709\u53ef\u80fd\u8bbe\u7f6e\u6d4f\u89c8\u5668\u4f7f\u5176\u5728\u53d1\u9001\u8bf7\u6c42\u65f6\u4e0d\u63d0\u4f9b Referer\uff0c\u8fd9\u6837\u7684\u7528\u6237\u4e5f\u5c06\u4e0d\u80fd\u8bbf\u95ee\u7f51\u7ad9\u3002 2\uff0c\u5728\u8bf7\u6c42\u4e2d\u6dfb\u52a0 token \u5e76\u9a8c\u8bc1 \u5173\u952e\u5728\u4e8e\u5728\u8bf7\u6c42\u4e2d\u653e\u5165\u9ed1\u5ba2\u6240\u4e0d\u80fd\u4f2a\u9020\u7684\u4fe1\u606f\uff0c\u5e76\u4e14\u8be5\u4fe1\u606f\u4e0d\u5b58\u5728\u4e8e cookie \u4e4b\u4e2d\uff0c \u53ef\u4ee5\u5728\u670d\u52a1\u5668\u7aef\u751f\u6210\u4e00\u4e2a\u968f\u673a\u7801\uff0c\u7136\u540e\u653e\u5728form\u7684hidden\u5143\u7d20\u4e2d\uff0cform\u63d0\u4ea4\u7684\u65f6\u5019\u5728\u670d\u52a1\u5668\u7aef\u68c0\u67e5\u3002 6\uff0eMissing "Content-Security-Policy" header \u7b54\uff1a \u5728web.config \u914d\u7f6e\u6587\u4ef6\u4e2d\u6dfb\u52a0\u5982\u4e0b\u54cd\u5e94\u5934 <system.webServer> <httpProtocol> <customHeaders> <add name="X-Content-Type-Options" value="nosniff"\/> <add name="X-XSS-Protection" value="1;mode=block"\/> <add name="X-Frame-Options" value="SAMEORIGIN"\/> <add name="Content-Security-Policy" value="default-src 'self'"\/> <\/customHeaders> <\/httpProtocol&gt…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_eb_attr":"","footnotes":""},"categories":[95,80],"tags":[],"class_list":["post-1679","post","type-post","status-publish","format-standard","hentry","category-95","category-80"],"_links":{"self":[{"href":"https:\/\/oneai.eu.org\/index.php?rest_route=\/wp\/v2\/posts\/1679","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/oneai.eu.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/oneai.eu.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/oneai.eu.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/oneai.eu.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1679"}],"version-history":[{"count":1,"href":"https:\/\/oneai.eu.org\/index.php?rest_route=\/wp\/v2\/posts\/1679\/revisions"}],"predecessor-version":[{"id":1680,"href":"https:\/\/oneai.eu.org\/index.php?rest_route=\/wp\/v2\/posts\/1679\/revisions\/1680"}],"wp:attachment":[{"href":"https:\/\/oneai.eu.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1679"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/oneai.eu.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1679"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/oneai.eu.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1679"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}