Missing OWASP Secure Headers - Redirection Problem

Hi there,

There is a redirection to auth.ourdomain.com, which also redirects to Google, Facebook and Microsoft in order to let users sign in via these accounts.

We are getting the following error:

Missing OWASP Secure Headers: ["X-Content-Type-Options","Content-Security-Policy","Referrer-Policy"] for URL https://**.**.com/__/auth/handler?apiKey=****&appName=%5BDEFAULT%5D&authType=signInViaRedirect&providerId=google.com&scopes=profile

We can control our headers, but we cannot do the same for Google's or Facebook's auth windows.

Do you have any suggestions?

We will continue with Zoom Auth so you can close this.

Thanks in advance.

These headers are required. For now, though, the recommendation is to handle 3rd party authentication in the system browser. To do that, you'll need to authenticate on zoom.us before redirecting. Please see the advanced reference app for this:

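An added example, not part of the thread and not Zoom's own validator: a pre-submission check that walks a recorded redirect chain, reports which hops lack the three headers named in the error, and separates first-party hops (fixable in your own configuration) from third-party ones. The hosts, paths and header values are constructed placeholders, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Header names taken from the error message quoted in the thread.
REQUIRED = ("X-Content-Type-Options", "Content-Security-Policy", "Referrer-Policy")


def missing_headers(headers):
    """Return required headers that are absent or empty (names are case-insensitive)."""
    present = {k.lower() for k, v in headers.items() if v and v.strip()}
    return [h for h in REQUIRED if h.lower() not in present]


def is_first_party(url, own_domain):
    """True when the URL's host is own_domain or one of its subdomains."""
    host = (urlsplit(url).hostname or "").lower()
    own = own_domain.lower()
    return host == own or host.endswith("." + own)


def audit_chain(hops, own_domain):
    """hops: list of (url, headers) in redirect order. One finding per failing hop."""
    findings = []
    for url, headers in hops:
        missing = missing_headers(headers)
        if missing:
            findings.append({"url": url, "missing": missing,
                             "fixable": is_first_party(url, own_domain)})
    return findings


# Constructed sample chain: app page -> own auth handler -> external identity provider.
SAMPLE_HOPS = [
    ("https://app.example.test/login", {
        "x-content-type-options": "nosniff",
        "Content-Security-Policy": "default-src 'self'",
        "Referrer-Policy": "same-origin",
    }),
    ("https://auth.example.test/__/auth/handler?providerId=google.com", {
        "Content-Type": "text/html",
        "Referrer-Policy": "",  # present but empty, so counted as missing
    }),
    ("https://idp.example.invalid/signin", {
        "Content-Security-Policy": "default-src 'self'",
    }),
]

if __name__ == "__main__":
    for f in audit_chain(SAMPLE_HOPS, "example.test"):
        owner = "first-party, fix in our config" if f["fixable"] else "third-party, cannot set headers"
        print(f'{f["url"]}: missing {f["missing"]} ({owner})')
```

Hops reported as third-party are the ones the reply's system-browser recommendation addresses, since their response headers cannot be changed from your side.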