From 27f73e50c3922a40b93ecaf3a141680c59652f97 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Fri, 8 Mar 2024 18:01:11 +0530
Subject: [PATCH] Update cloudflare-rocketloader-htmli.yaml
---
 http/misconfiguration/cloudflare-rocketloader-htmli.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/http/misconfiguration/cloudflare-rocketloader-htmli.yaml b/http/misconfiguration/cloudflare-rocketloader-htmli.yaml
index 537db5402b..a7938a6177 100644
--- a/http/misconfiguration/cloudflare-rocketloader-htmli.yaml
+++ b/http/misconfiguration/cloudflare-rocketloader-htmli.yaml
@@ -6,8 +6,10 @@ info:
 severity: low
 description: |
 The Rocket Loader feature in Cloudflare allow attackers to inject arbitrary HTML into the website. This can be used to perform various attacks such as phishing, defacement, etc.
+ remediation: Disable the rocket loader or Add a CSP header to fix this issue.
 reference:
 - https://developers.cloudflare.com/speed/optimization/content/rocket-loader/enable/
+ - https://developers.cloudflare.com/fundamentals/reference/policies-compliances/content-security-policies/#product-requirements
 metadata:
 max-request: 1
 verified: true
@@ -37,4 +39,4 @@ http:
 - type: status
 status:
 - 200
-# digest: 4a0a0047304502203f1f9450ea215136ca621ee9dbedce3ae4455abcc8dd73db23c5e0cdde586076022100f02e51d462db656b75f00a878d4608aed164f4cc5492a86cb73fd88a1665a085:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+# digest: 4a0a0047304502203f1f9450ea215136ca621ee9dbedce3ae4455abcc8dd73db23c5e0cdde586076022100f02e51d462db656b75f00a878d4608aed164f4cc5492a86cb73fd88a1665a085:922c64590222798bb761d5b6d8e72950
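Review bot: The added `remediation` line in the first hunk says to "Add a CSP header" without saying what the policy has to restrict, so a reader could treat the mere presence of any Content-Security-Policy header as the fix. I would word it as `remediation: Disable Rocket Loader, or enforce a restrictive Content-Security-Policy as described in the Cloudflare CSP reference below.`, which also removes the stray capital in "or Add". Separately, the `# digest:` value in the second hunk is byte-identical on both sides although the info block changed. If that digest is a signature over the template body, the template will not verify until it is re-signed, so it is worth confirming that re-signing happens before release.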