X-Permitted-Cross-Domain-Policies Header #8
Assignees
Labels
enhancement
New feature or request
Comments
manuel-sommer
added a commit
to manuel-sommer/humble
that referenced
this issue
Oct 16, 2023
|
@rfc-st I recommend you to add this project to hacktoberfest as you will then maybe receive also more PRs. |
|
Hello!, Thanks for your suggestion. I have included the check of this header in 1bef54c. I cannot accept your PR for several reasons: it is not complete (this tool allows to show results in English and Spanish and therefore it is necessary to modify the corresponding files to show the messages in both languages). Additionally your PR removes an insecure value check from this header, which I think is necessary. I have included your suggestion at https://github.com/rfc-st/humble/#acknowledgements. Thanks again for your time!. Best regards, |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
According to OWASP Secure Headers Project , the HTTP Header X-Permitted-Cross-Domain-Policies Header should also be used. A check is mssing regarding this header.
The text was updated successfully, but these errors were encountered: