Re: Fixing JSONP enabled by default in MappingJackson2JsonView

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: Fixing JSONP enabled by default in MappingJackson2JsonView

Alessio Fabiani-2
Hello Naresh,
thanks for the feedback. Let me double check and try to fix it accordingly.
Will send you updates as soon as possible. Regards.

Il giorno mer 7 ago 2019 alle ore 11:38 Naresh N <[hidden email]> ha scritto:
Dear All,

We have used GeoNode for development of our portal SUVIDHA.  As  a part  of security check   scanned our SUVIDHA portal for vulnerabilities , it is showing following security alert

JSONP enabled by default in MappingJackson2JsonView 

Reported request header is as follows

  GET /api/profiles/?callback=kdeltofpmt&jsonp=kdeltofpmt&cb=kdeltofpmt&json=kdeltofpmt HTTP/1.1 Cookie: csrftoken=NuHnIHPRdzkH6pyi1XmrWpx6Z0v60gsW Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate Host: 172.26.3.222 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36 Connection: Keep-alive   

How do I need to fix above? 

 It recommendation to fix is mentioned in the following link

Please help me how do find this module in GeoNode and how to fix ?.

Please do the needful.

Thanks & Regards,
Naresh.N


--

==

GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==
Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A - 55054  Massarosa (LU) - Italy
phone: +39 0584 962313
fax:     +39 0584 1660272
mob:   +39 331 6233686


http://www.geo-solutions.it
http://twitter.com/geosolutions_it
-------------------------------------------------------

Con riferimento alla normativa sul trattamento dei dati personali (Reg. UE 2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si precisa che ogni circostanza inerente alla presente email (il suo contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra operazione è illecita. Le sarei comunque grato se potesse darmene notizia.


This email is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential or otherwise protected from disclosure. We remind that - as provided by European Regulation 2016/679 “GDPR” - copying, dissemination or use of this e-mail or the information herein by anyone other than the intended recipient is prohibited. If you have received this email by mistake, please notify us immediately by telephone or e-mail.


_______________________________________________
geonode-devel mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geonode-devel
Reply | Threaded
Open this post in threaded view
|

Re: Fixing JSONP enabled by default in MappingJackson2JsonView

naresh
Dear Alessio,

Thanks for quick response.  The application scanned using Acunetix software and it is showing the security alert JSONP enabled by default in MappingJackson2JsonView

Please find the below Request and Response headers which is listed by Acunetix software

Request Header
GET /api/groups/?callback=crldpcnlxk&jsonp=crldpcnlxk&cb=crldpcnlxk&json=crldpcnlxk HTTP/1.1
Cookie: csrftoken=bYBRus0eSrnR36SeDSU6CJpxx6gmLX1z
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Host: XXX.XX.X.XXX
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Connection: Keep-alive

Response Header

HTTP/1.1 200 OK
Date: Tue, 13 Aug 2019 10:43:50 GMT
Server: Apache
Vary: Accept,Accept-Language,Cookie,Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Language: en
Cache-Control: no-cache
Cache-Control: max-age=300
Expires: Tue, 13 Aug 2019 10:48:50 GMT
Content-Length: 113
Keep-Alive: timeout=100, max=65
Connection: Keep-Alive
Content-Type: text/javascript
Original-Content-Encoding: gzip

crldpcnlxk({"meta": {"limit": 10, "next": null, "offset": 0, "previous": null, "total_count": 0}, "objects": []})



Is any thing related to GeoServer ( As it is written in  java and spring framework is used)?

The alert is coming when it is sending the requests to   /api/base or /api/groups.  Is there any way we can block when request to api comes with callback function as argument(specifically jsonp).    

If we remove JSONP from the request,will the issue resolve? But what is dependency with GeoNode.

Kindly help me to resolve above mentioned security related alert.

Thanks&Regards,
Naresh.N

On Tue, Aug 13, 2019 at 1:10 PM Alessio Fabiani <[hidden email]> wrote:
Dear Naresh,
I got the occasion to look a bit to this, but I'm pretty sure your software is giving you a false flag.

First of all GeoNode is not using Spring, therefore the solution you propose makes no sense.

Secondly I tried the api url by trying several jsonp callbacks and got no issues.

If you can possibly provide more information on the issue you are currently experiencing, or at least describe better how to reproduce it, I'll try to dig more into it.

Kind regards,
Alessio.



Il giorno mar 13 ago 2019 alle ore 06:18 Naresh N <[hidden email]> ha scritto:
Dear Alessio,

Thanks a lot. Please help me to resolve.

Best Regards,
Naresh.N

On Mon, Aug 12, 2019 at 7:20 PM Alessio Fabiani <[hidden email]> wrote:
Hello Naresh,
thanks for the feedback. Let me double check and try to fix it accordingly.
Will send you updates as soon as possible. Regards.

Il giorno mer 7 ago 2019 alle ore 11:38 Naresh N <[hidden email]> ha scritto:
Dear All,

We have used GeoNode for development of our portal SUVIDHA.  As  a part  of security check   scanned our SUVIDHA portal for vulnerabilities , it is showing following security alert

JSONP enabled by default in MappingJackson2JsonView 

Reported request header is as follows

  GET /api/profiles/?callback=kdeltofpmt&jsonp=kdeltofpmt&cb=kdeltofpmt&json=kdeltofpmt HTTP/1.1 Cookie: csrftoken=NuHnIHPRdzkH6pyi1XmrWpx6Z0v60gsW Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate Host: 172.26.3.222 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36 Connection: Keep-alive   

How do I need to fix above? 

 It recommendation to fix is mentioned in the following link

Please help me how do find this module in GeoNode and how to fix ?.

Please do the needful.

Thanks & Regards,
Naresh.N


--

==

GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==
Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A - 55054  Massarosa (LU) - Italy
phone: +39 0584 962313
fax:     +39 0584 1660272
mob:   +39 331 6233686


http://www.geo-solutions.it
http://twitter.com/geosolutions_it
-------------------------------------------------------

Con riferimento alla normativa sul trattamento dei dati personali (Reg. UE 2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si precisa che ogni circostanza inerente alla presente email (il suo contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra operazione è illecita. Le sarei comunque grato se potesse darmene notizia.


This email is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential or otherwise protected from disclosure. We remind that - as provided by European Regulation 2016/679 “GDPR” - copying, dissemination or use of this e-mail or the information herein by anyone other than the intended recipient is prohibited. If you have received this email by mistake, please notify us immediately by telephone or e-mail.



--

==

GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==
Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A - 55054  Massarosa (LU) - Italy
phone: +39 0584 962313
fax:     +39 0584 1660272
mob:   +39 331 6233686


http://www.geo-solutions.it
http://twitter.com/geosolutions_it
-------------------------------------------------------

Con riferimento alla normativa sul trattamento dei dati personali (Reg. UE 2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si precisa che ogni circostanza inerente alla presente email (il suo contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra operazione è illecita. Le sarei comunque grato se potesse darmene notizia.


This email is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential or otherwise protected from disclosure. We remind that - as provided by European Regulation 2016/679 “GDPR” - copying, dissemination or use of this e-mail or the information herein by anyone other than the intended recipient is prohibited. If you have received this email by mistake, please notify us immediately by telephone or e-mail.


_______________________________________________
geonode-devel mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geonode-devel
Reply | Threaded
Open this post in threaded view
|

Re: Fixing JSONP enabled by default in MappingJackson2JsonView

Alessio Fabiani-2
Dear Naresh,
I had the occasion to have a deeper look at this topic.

So, currently, those endpoints have been exposed by "djanto-tastypie".

Unfortunately, tastypie accepts the keyword "callback" and actually scans it to be a valid JSONP call. Therefore, not only this is admitted but it is also used by the package to render the outputs.

As far as I can see from the code, it doesn't look to be harmful, and the response is consistent.

Do you have clear evidence that it is possible to invoke an external JSONP somehow?

I don't know the tool you are using to make the security tests, but I guess it shouldn't be only checking for the query parameter "callback" to be accepted or not.

That said, to remove this warning I'm afraid that the only solution would be to rewrite those APIs without using Tatypie. Which would be good, by the way, but I don't think there are currently volunteers or people able to make such a big change for free,

You will probably need to wait for the GeoNode 3.0 version, which, hopefully, will get rid of this old-fashioned library too.

Best regards,
Alessio.




Il giorno mer 14 ago 2019 alle ore 13:51 Naresh N <[hidden email]> ha scritto:
Dear Alessio,

Thanks for quick response.  The application scanned using Acunetix software and it is showing the security alert JSONP enabled by default in MappingJackson2JsonView

Please find the below Request and Response headers which is listed by Acunetix software

Request Header
GET /api/groups/?callback=crldpcnlxk&jsonp=crldpcnlxk&cb=crldpcnlxk&json=crldpcnlxk HTTP/1.1
Cookie: csrftoken=bYBRus0eSrnR36SeDSU6CJpxx6gmLX1z
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Host: XXX.XX.X.XXX
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Connection: Keep-alive

Response Header

HTTP/1.1 200 OK
Date: Tue, 13 Aug 2019 10:43:50 GMT
Server: Apache
Vary: Accept,Accept-Language,Cookie,Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Language: en
Cache-Control: no-cache
Cache-Control: max-age=300
Expires: Tue, 13 Aug 2019 10:48:50 GMT
Content-Length: 113
Keep-Alive: timeout=100, max=65
Connection: Keep-Alive
Content-Type: text/javascript
Original-Content-Encoding: gzip

crldpcnlxk({"meta": {"limit": 10, "next": null, "offset": 0, "previous": null, "total_count": 0}, "objects": []})



Is any thing related to GeoServer ( As it is written in  java and spring framework is used)?

The alert is coming when it is sending the requests to   /api/base or /api/groups.  Is there any way we can block when request to api comes with callback function as argument(specifically jsonp).    

If we remove JSONP from the request,will the issue resolve? But what is dependency with GeoNode.

Kindly help me to resolve above mentioned security related alert.

Thanks&Regards,
Naresh.N

On Tue, Aug 13, 2019 at 1:10 PM Alessio Fabiani <[hidden email]> wrote:
Dear Naresh,
I got the occasion to look a bit to this, but I'm pretty sure your software is giving you a false flag.

First of all GeoNode is not using Spring, therefore the solution you propose makes no sense.

Secondly I tried the api url by trying several jsonp callbacks and got no issues.

If you can possibly provide more information on the issue you are currently experiencing, or at least describe better how to reproduce it, I'll try to dig more into it.

Kind regards,
Alessio.



Il giorno mar 13 ago 2019 alle ore 06:18 Naresh N <[hidden email]> ha scritto:
Dear Alessio,

Thanks a lot. Please help me to resolve.

Best Regards,
Naresh.N

On Mon, Aug 12, 2019 at 7:20 PM Alessio Fabiani <[hidden email]> wrote:
Hello Naresh,
thanks for the feedback. Let me double check and try to fix it accordingly.
Will send you updates as soon as possible. Regards.

Il giorno mer 7 ago 2019 alle ore 11:38 Naresh N <[hidden email]> ha scritto:
Dear All,

We have used GeoNode for development of our portal SUVIDHA.  As  a part  of security check   scanned our SUVIDHA portal for vulnerabilities , it is showing following security alert

JSONP enabled by default in MappingJackson2JsonView 

Reported request header is as follows

  GET /api/profiles/?callback=kdeltofpmt&jsonp=kdeltofpmt&cb=kdeltofpmt&json=kdeltofpmt HTTP/1.1 Cookie: csrftoken=NuHnIHPRdzkH6pyi1XmrWpx6Z0v60gsW Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate Host: 172.26.3.222 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36 Connection: Keep-alive   

How do I need to fix above? 

 It recommendation to fix is mentioned in the following link

Please help me how do find this module in GeoNode and how to fix ?.

Please do the needful.

Thanks & Regards,
Naresh.N


--

==

GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==
Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A - 55054  Massarosa (LU) - Italy
phone: +39 0584 962313
fax:     +39 0584 1660272
mob:   +39 331 6233686


http://www.geo-solutions.it
http://twitter.com/geosolutions_it
-------------------------------------------------------

Con riferimento alla normativa sul trattamento dei dati personali (Reg. UE 2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si precisa che ogni circostanza inerente alla presente email (il suo contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra operazione è illecita. Le sarei comunque grato se potesse darmene notizia.


This email is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential or otherwise protected from disclosure. We remind that - as provided by European Regulation 2016/679 “GDPR” - copying, dissemination or use of this e-mail or the information herein by anyone other than the intended recipient is prohibited. If you have received this email by mistake, please notify us immediately by telephone or e-mail.



--

==

GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==
Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A - 55054  Massarosa (LU) - Italy
phone: +39 0584 962313
fax:     +39 0584 1660272
mob:   +39 331 6233686


http://www.geo-solutions.it
http://twitter.com/geosolutions_it
-------------------------------------------------------

Con riferimento alla normativa sul trattamento dei dati personali (Reg. UE 2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si precisa che ogni circostanza inerente alla presente email (il suo contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra operazione è illecita. Le sarei comunque grato se potesse darmene notizia.


This email is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential or otherwise protected from disclosure. We remind that - as provided by European Regulation 2016/679 “GDPR” - copying, dissemination or use of this e-mail or the information herein by anyone other than the intended recipient is prohibited. If you have received this email by mistake, please notify us immediately by telephone or e-mail.

_______________________________________________
geonode-devel mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geonode-devel


--

==

GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==
Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A - 55054  Massarosa (LU) - Italy
phone: +39 0584 962313
fax:     +39 0584 1660272
mob:   +39 331 6233686


http://www.geo-solutions.it
http://twitter.com/geosolutions_it
-------------------------------------------------------

Con riferimento alla normativa sul trattamento dei dati personali (Reg. UE 2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si precisa che ogni circostanza inerente alla presente email (il suo contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra operazione è illecita. Le sarei comunque grato se potesse darmene notizia.


This email is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential or otherwise protected from disclosure. We remind that - as provided by European Regulation 2016/679 “GDPR” - copying, dissemination or use of this e-mail or the information herein by anyone other than the intended recipient is prohibited. If you have received this email by mistake, please notify us immediately by telephone or e-mail.


_______________________________________________
geonode-devel mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geonode-devel
Reply | Threaded
Open this post in threaded view
|

Re: Fixing JSONP enabled by default in MappingJackson2JsonView

naresh
Dear Alessio,

Thanks for your reply and detailed explanation.   
As you pointed out, the tool checking for the query parameter "callback" to be accepted or not and listing as security alert
As of now to disable this behaviour I have blocked the api response in jsonp format.

Once again Thanks for guidance and support.


Best Regards,
Naresh

On Mon, Aug 19, 2019 at 3:29 PM Alessio Fabiani <[hidden email]> wrote:
Dear Naresh,
I had the occasion to have a deeper look at this topic.

So, currently, those endpoints have been exposed by "djanto-tastypie".

Unfortunately, tastypie accepts the keyword "callback" and actually scans it to be a valid JSONP call. Therefore, not only this is admitted but it is also used by the package to render the outputs.

As far as I can see from the code, it doesn't look to be harmful, and the response is consistent.

Do you have clear evidence that it is possible to invoke an external JSONP somehow?

I don't know the tool you are using to make the security tests, but I guess it shouldn't be only checking for the query parameter "callback" to be accepted or not.

That said, to remove this warning I'm afraid that the only solution would be to rewrite those APIs without using Tatypie. Which would be good, by the way, but I don't think there are currently volunteers or people able to make such a big change for free,

You will probably need to wait for the GeoNode 3.0 version, which, hopefully, will get rid of this old-fashioned library too.

Best regards,
Alessio.




Il giorno mer 14 ago 2019 alle ore 13:51 Naresh N <[hidden email]> ha scritto:
Dear Alessio,

Thanks for quick response.  The application scanned using Acunetix software and it is showing the security alert JSONP enabled by default in MappingJackson2JsonView

Please find the below Request and Response headers which is listed by Acunetix software

Request Header
GET /api/groups/?callback=crldpcnlxk&jsonp=crldpcnlxk&cb=crldpcnlxk&json=crldpcnlxk HTTP/1.1
Cookie: csrftoken=bYBRus0eSrnR36SeDSU6CJpxx6gmLX1z
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Host: XXX.XX.X.XXX
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Connection: Keep-alive

Response Header

HTTP/1.1 200 OK
Date: Tue, 13 Aug 2019 10:43:50 GMT
Server: Apache
Vary: Accept,Accept-Language,Cookie,Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Language: en
Cache-Control: no-cache
Cache-Control: max-age=300
Expires: Tue, 13 Aug 2019 10:48:50 GMT
Content-Length: 113
Keep-Alive: timeout=100, max=65
Connection: Keep-Alive
Content-Type: text/javascript
Original-Content-Encoding: gzip

crldpcnlxk({"meta": {"limit": 10, "next": null, "offset": 0, "previous": null, "total_count": 0}, "objects": []})



Is any thing related to GeoServer ( As it is written in  java and spring framework is used)?

The alert is coming when it is sending the requests to   /api/base or /api/groups.  Is there any way we can block when request to api comes with callback function as argument(specifically jsonp).    

If we remove JSONP from the request,will the issue resolve? But what is dependency with GeoNode.

Kindly help me to resolve above mentioned security related alert.

Thanks&Regards,
Naresh.N

On Tue, Aug 13, 2019 at 1:10 PM Alessio Fabiani <[hidden email]> wrote:
Dear Naresh,
I got the occasion to look a bit to this, but I'm pretty sure your software is giving you a false flag.

First of all GeoNode is not using Spring, therefore the solution you propose makes no sense.

Secondly I tried the api url by trying several jsonp callbacks and got no issues.

If you can possibly provide more information on the issue you are currently experiencing, or at least describe better how to reproduce it, I'll try to dig more into it.

Kind regards,
Alessio.



Il giorno mar 13 ago 2019 alle ore 06:18 Naresh N <[hidden email]> ha scritto:
Dear Alessio,

Thanks a lot. Please help me to resolve.

Best Regards,
Naresh.N

On Mon, Aug 12, 2019 at 7:20 PM Alessio Fabiani <[hidden email]> wrote:
Hello Naresh,
thanks for the feedback. Let me double check and try to fix it accordingly.
Will send you updates as soon as possible. Regards.

Il giorno mer 7 ago 2019 alle ore 11:38 Naresh N <[hidden email]> ha scritto:
Dear All,

We have used GeoNode for development of our portal SUVIDHA.  As  a part  of security check   scanned our SUVIDHA portal for vulnerabilities , it is showing following security alert

JSONP enabled by default in MappingJackson2JsonView 

Reported request header is as follows

  GET /api/profiles/?callback=kdeltofpmt&jsonp=kdeltofpmt&cb=kdeltofpmt&json=kdeltofpmt HTTP/1.1 Cookie: csrftoken=NuHnIHPRdzkH6pyi1XmrWpx6Z0v60gsW Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate Host: 172.26.3.222 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36 Connection: Keep-alive   

How do I need to fix above? 

 It recommendation to fix is mentioned in the following link

Please help me how do find this module in GeoNode and how to fix ?.

Please do the needful.

Thanks & Regards,
Naresh.N


--

==

GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==
Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A - 55054  Massarosa (LU) - Italy
phone: +39 0584 962313
fax:     +39 0584 1660272
mob:   +39 331 6233686


http://www.geo-solutions.it
http://twitter.com/geosolutions_it
-------------------------------------------------------

Con riferimento alla normativa sul trattamento dei dati personali (Reg. UE 2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si precisa che ogni circostanza inerente alla presente email (il suo contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra operazione è illecita. Le sarei comunque grato se potesse darmene notizia.


This email is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential or otherwise protected from disclosure. We remind that - as provided by European Regulation 2016/679 “GDPR” - copying, dissemination or use of this e-mail or the information herein by anyone other than the intended recipient is prohibited. If you have received this email by mistake, please notify us immediately by telephone or e-mail.



--

==

GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==
Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A - 55054  Massarosa (LU) - Italy
phone: +39 0584 962313
fax:     +39 0584 1660272
mob:   +39 331 6233686


http://www.geo-solutions.it
http://twitter.com/geosolutions_it
-------------------------------------------------------

Con riferimento alla normativa sul trattamento dei dati personali (Reg. UE 2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si precisa che ogni circostanza inerente alla presente email (il suo contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra operazione è illecita. Le sarei comunque grato se potesse darmene notizia.


This email is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential or otherwise protected from disclosure. We remind that - as provided by European Regulation 2016/679 “GDPR” - copying, dissemination or use of this e-mail or the information herein by anyone other than the intended recipient is prohibited. If you have received this email by mistake, please notify us immediately by telephone or e-mail.

_______________________________________________
geonode-devel mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geonode-devel


--

==

GeoServer Professional Services from the experts! Visit http://goo.gl/it488V for more information.
==
Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A - 55054  Massarosa (LU) - Italy
phone: +39 0584 962313
fax:     +39 0584 1660272
mob:   +39 331 6233686


http://www.geo-solutions.it
http://twitter.com/geosolutions_it
-------------------------------------------------------

Con riferimento alla normativa sul trattamento dei dati personali (Reg. UE 2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si precisa che ogni circostanza inerente alla presente email (il suo contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra operazione è illecita. Le sarei comunque grato se potesse darmene notizia.


This email is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential or otherwise protected from disclosure. We remind that - as provided by European Regulation 2016/679 “GDPR” - copying, dissemination or use of this e-mail or the information herein by anyone other than the intended recipient is prohibited. If you have received this email by mistake, please notify us immediately by telephone or e-mail.


_______________________________________________
geonode-devel mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geonode-devel