Skip to main content
T
Tonya Bov
Known Participant
June 14, 2022
Question

RoboHelp Output Security Issues

  • June 14, 2022
  • 3 replies
  • 243 views

Greetings!

I am using RH 2020.7.0 to generate Frameless Help. Our client is running security scans on the RH output and has identified three issues with possible solutions:

1 - 150124 Clickjacking - Framable Page (Solutions: X-Frame-Options: This HTTP response header can be used to prevent framing of web pages.  OR/AND Content-Security-Policy: The 'frame-ancestors' directive can be used to prevent framing of web pages.)

2 - 150122 Cookie Does Not Contain The "secure" Attribute (Solutions If the associated risk of a compromised account is high, apply the "secure" attribute to cookies and force all sensitive requests to be sent via HTTPS.)

3 - 150123 Cookie Does Not Contain The "HTTPOnly" Attribute (Solution: If the associated risk of a compromised account is high, apply the "HTTPOnly" attribute to cookies.)

 

I do not understand the issues nor how to apply the recommended solutions.

 

Can anyone help guide me as to how and in what files would I make these changes?

 

Thank you!

Tonya

 

    This topic has been closed for replies.

    3 replies

    Peter Grainge
    Community Expert
    Peter GraingeCommunity Expert
    Community Expert
    June 14, 2022

    I should have mentioned there is a known case at the moment but I don't have details of the message they are getting. Contacting Support is a must regardless but try posting in this thread to see if the warnings they are getting or the tool used to scan are the same. They have posted the tool but not the detail of the warnings. Maybe they will post the details if you ask.

     

    https://community.adobe.com/t5/robohelp-discussions/insecure-randomness-security-vulnerability-in-robohelp-version-2020-7-46/td-p/12919639

    ________________________________________________________

    My site www.grainge.org includes many free Authoring and RoboHelp resources that may be of help.

     

    Use the menu (bottom right) to mark the Best Answer or Highlight particularly useful replies. Found the answer elsewhere? Share it here.
    Peter Grainge
    Community Expert
    Peter GraingeCommunity Expert
    Community Expert
    June 14, 2022

    Almost certainly it will be a false positive as most posts like this prove to be. However, that's not enough for your client and @Jeff_Coatsworth has said, you must go to Support.

    ________________________________________________________

    My site www.grainge.org includes many free Authoring and RoboHelp resources that may be of help.

     

    Use the menu (bottom right) to mark the Best Answer or Highlight particularly useful replies. Found the answer elsewhere? Share it here.
      Jeff_Coatsworth
      Community Expert
      Jeff_CoatsworthCommunity Expert
      Community Expert
      June 14, 2022

      You (or they) need to contact the RH folks for this sort of stuff - see https://helpx.adobe.com/contact/enterprise-support.other.html#robohelp for your Adobe Support options. I'd recommend using the tcssup@adobe.com e-mail address as it reaches a team dedicated to Technical Communication Suite products including RoboHelp.

      T
      Tonya BovAuthor
      Known Participant
      June 14, 2022

      Thank you! I will reach out to them.

      Terms & ConditionsAccessibility statement
      Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices