When Fortify Scaning a code like :
string FILENAME = "NameOfFile";
Response.AddHeader("Content-Disposition","attachment, filename=" + FILENAME);
Fortify will notificate there is an issue called Header Manipulation.
To fix this issue, first you have to call System.Net.Mime in the top of your code:
using System.Net.Mime;
And Modified the code like this :
string FILENAME = "NameOfFile";
var contentDispositionHeader = new ContentDisposision() {FileName = FILENAME};
Response.AddHeader("Content-Disposition", contentDispositionHeader .ToString());
Excelente, muchas gracias.
ReplyDelete