Bug #26033
Updated by Clark ANDRIANASOLO 16 days ago
When displaying an openscap report in 8.2, we end up having an @iframe@ component with a CRSF error :
!clipboard-202412061052-a2ttx.png!
This is due to the @iframe@ calling an Openscap API endpoint as its @src@ but the CSRF mitigation headers are missing.
Therefore the HTML report cannot be loaded, even though it is exists at @/var/rudder/shared-files/root/files/<nodeId>/openscap_report.html@
We should have a safe way to render the openscap HTML content directly into the page.