RoboHelp Output Security Issues

Community Beginner ,
Jun 14, 2022 Jun 14, 2022

Copy link to clipboard

Copied

Greetings!

I am using RH 2020.7.0 to generate Frameless Help. Our client is running security scans on the RH output and has identified three issues with possible solutions:

1 - 150124 Clickjacking - Framable Page (Solutions: X-Frame-Options: This HTTP response header can be used to prevent framing of web pages.  OR/AND Content-Security-Policy: The 'frame-ancestors' directive can be used to prevent framing of web pages.)

2 - 150122 Cookie Does Not Contain The "secure" Attribute (Solutions If the associated risk of a compromised account is high, apply the "secure" attribute to cookies and force all sensitive requests to be sent via HTTPS.)

3 - 150123 Cookie Does Not Contain The "HTTPOnly" Attribute (Solution: If the associated risk of a compromised account is high, apply the "HTTPOnly" attribute to cookies.)

 

I do not understand the issues nor how to apply the recommended solutions.

 

Can anyone help guide me as to how and in what files would I make these changes?

 

Thank you!

Tonya

 

Views

29

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Community Professional ,
Jun 14, 2022 Jun 14, 2022

Copy link to clipboard

Copied

You (or they) need to contact the RH folks for this sort of stuff - see https://helpx.adobe.com/contact/enterprise-support.other.html#robohelp for your Adobe Support options. I'd recommend using the tcssup@adobe.com e-mail address as it reaches a team dedicated to Technical Communication Suite products including RoboHelp.

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Jun 14, 2022 Jun 14, 2022

Copy link to clipboard

Copied

Thank you! I will reach out to them.

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Community Professional ,
Jun 14, 2022 Jun 14, 2022

Copy link to clipboard

Copied

Almost certainly it will be a false positive as most posts like this prove to be. However, that's not enough for your client and @Jeff_Coatsworth has said, you must go to Support.

________________________________________________________

My site www.grainge.org includes many free Authoring and RoboHelp resources that may be of help.

 

New Users: Default forum names can be changed in your Account Settings.

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Community Professional ,
Jun 14, 2022 Jun 14, 2022

Copy link to clipboard

Copied

LATEST

I should have mentioned there is a known case at the moment but I don't have details of the message they are getting. Contacting Support is a must regardless but try posting in this thread to see if the warnings they are getting or the tool used to scan are the same. They have posted the tool but not the detail of the warnings. Maybe they will post the details if you ask.

 

https://community.adobe.com/t5/robohelp-discussions/insecure-randomness-security-vulnerability-in-ro...

________________________________________________________

My site www.grainge.org includes many free Authoring and RoboHelp resources that may be of help.

 

New Users: Default forum names can be changed in your Account Settings.

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
RoboHelp Documentation
Download Adobe RoboHelp