I have a project where I am going through Fortify security vulnerabilities for my team, and fixing them. Most of them are pretty straight-forward, and I assume so is this one, but I'm not seeing a solution.
Fortify is finding 11 missing content security vulnerabilities all set up similar to this in a XML security file
<http pattern="/fubar.jsp" security="none"/>
Every suggestion I've seen says to change the policy to default or default-src I've tried adding an tag with intercept-url but there is another http tag without a pattern in the file, so it won't let me go that route, and every article suggests something similar to what I have here or something very similar. Does anyone know what I can do to fix this?