Technical Tip: Penetration test on FortiGate with SSL VPN port (443) open displays the Content Security Policy as unsafe
| Description | This article describes why a penetration test on a FortiGate with the SSL VPN port (443) open displays the Content Security Policy as unsafe. |
| Scope | FortiGate v6.x.x to v7.2.x, and v7.4.x. |
| Solution |
The 'unsafe-xxx', blob, or data file system sources are included because issues are sometimes seen when loading websites or third-party web applications through the SSL VPN portal, where it is necessary to load extra sources.
Findings regarding 'unsafe-eval' and 'unsafe-inline' have already been reported, and the developers concluded that both are necessary for the operation of the SSL VPN portal. To avoid breaking functionality, 'unsafe-eval' and 'unsafe-inline' are still acceptable.
FortiGate v7.6.3 has removed 'unsafe-xxx' and 'unsafe-inline'. |
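
To see which directives of a Content-Security-Policy header carry the sources a scanner flags, for example when comparing the header across firmware versions, the following added example (not Fortinet code) parses a header value and lists them per directive. The sample header strings are constructed, and reading "blob" and "data file system" as the `blob:`, `data:` and `filesystem:` scheme sources is an assumption of this example.

```python
# Sources the article names as flagged by the scan. The scheme spellings
# "data:", "blob:" and "filesystem:" are this example's reading of the text.
FLAGGED = {"'unsafe-inline'", "'unsafe-eval'", "data:", "blob:", "filesystem:"}


def parse_csp(header_value):
    """Split a Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for part in header_value.split(";"):
        tokens = part.split()
        if not tokens:
            continue  # empty segment, e.g. a trailing ';'
        name = tokens[0].lower()  # directive names are case-insensitive
        # Per the CSP spec, a repeated directive is ignored after its first use,
        # so a later, stricter duplicate does not override an earlier weak one.
        if name not in policy:
            policy[name] = tokens[1:]
    return policy


def flagged_sources(header_value):
    """Return {directive: [flagged sources]} for directives that carry any."""
    findings = {}
    for name, sources in parse_csp(header_value).items():
        hits = [s for s in sources if s.lower() in FLAGGED]
        if hits:
            findings[name] = hits
    return findings


# Constructed sample values, not captured from a FortiGate.
SAMPLE_WITH_UNSAFE = (
    "default-src 'self'; "
    "script-src 'self' 'unsafe-inline' 'unsafe-eval'; "
    "img-src 'self' data: blob:; "
    "script-src 'none'"
)
SAMPLE_STRICT = "default-src 'self'; script-src 'self'; img-src 'self'"

if __name__ == "__main__":
    for label, value in (("with unsafe", SAMPLE_WITH_UNSAFE),
                         ("strict", SAMPLE_STRICT)):
        print(label, flagged_sources(value) or "no flagged sources")
```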

