Missing OWASP Secure Headers - Redirection Problem

quizflight · September 29, 2022, 8:02am

Hi there,

There is a redirection to auth.ourdomain.com which also redirects to Google, Facebook and Microsoft in order to let user sign in via these accounts.

We are getting following error;

Missing OWASP Secure Headers: ["X-Content-Type-Options","Content-Security-Policy","Referrer-Policy"] for URL https://**.**.com/__/auth/handler?apiKey=****&appName=%5BDEFAULT%5D&authType=signInViaRedirect&providerId=google.com&scopes=profile

We can control our headers but we can no do same for google or facebooks auth windows

Do you have any suggestions?

quizflight · October 17, 2022, 1:08pm

We will continue with Zoom Auth so you can close this.

Thanks in advance.

JonStewart · October 17, 2022, 9:16pm

These headers are required. For now, though, the recommendation is to handle 3rd party authentication in the system browser. To do that, you’ll need to authenticate on zoom.us before redirecting. Pls see the advanced reference app for this:

Topic		Replies	Views
Zoom app new window due to OWASP headers in third party source Zoom Apps	0	246	November 9, 2023
Console error - Missing OWASP Secure Headers: Zoom Apps	1	562	July 6, 2022
OAuth App Authorization Problems w/Facebook and Google API and Webhooks	6	1606	August 21, 2020
Domain List Dilemma Zoom Apps	11	447	November 3, 2022
Newbie question running Zoom Apps sample Zoom Apps	13	876	June 27, 2022

Missing OWASP Secure Headers - Redirection Problem

Related Topics