During the security scanning for Microsoft power bi server, one of our client has identified few response headers and other defects.
As we have seen that the report server doesn't have an option to set up the web server and response header configurations, could you please assist us in setting up the response headers for the BI Server.
below are the reported defects.
- Cross site scripting (content-sniffing)
Affected Item (/reports/api/v2.0/SystemResources)
- Slow HTTP Denial of Service Attack
Your web server is vulnerable to Slow HTTP DoS (Denial of Service) attacks.
- Cookies with missing, inconsistent or contradictory properties
Affected Item (/RPA/Cookie_Validator.js)
- HTTP Strict Transport Security (HSTS) not implemented
- Content Security Policy (CSP) not implemented / Insecure Referrer Policy
For majority of the defects, we cannot apply the fixes as the web server property is not found or urlrewrite cannot be found as part of the report server.
Please advise
Thank You,
Abdul Jaleel
v-xiaoyan-msft
on:
"Sort by column" should work regardless of key col...