Closed NicolasCARPi closed 1 year ago
Hi @NicolasCARPi. Thanks! I hope it will prove useful.
Makes sense. I'll update the fuzzer to check for this header.
Hi @NicolasCARPi. This is available in https://github.com/Endava/cats/releases/tag/cats-8.4.0.
Thank you Madalin!
Hello,
First, let me tell you that cats is a really great piece of software, congrats!

Issue
The fuzzer CheckSecurityHeaders checks if X-Frame-Options is present in the response, but as can be seen on MDN:
My app doesn't have an X-Frame-Options header, but has a CSP with frame-ancestors 'none'.

I suggest that the fuzzer validates the test if this string is present in the CSP header.
Best, ~Nico
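
The check requested in this issue, as an added example (not code from CATS or from either participant): a response counts as protected against framing if it carries either X-Frame-Options or an enforced CSP with a `frame-ancestors` directive. The function names and sample headers are constructed for illustration, and rejecting a wildcard `frame-ancestors *` goes one step beyond the presence check the issue asks for.

```python
# Added example: framing-protection check that accepts either header.
# Function names and sample header sets are constructed for illustration.

def csp_directives(policy):
    """Parse one serialized CSP policy into {directive-name: [values]}."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        name = tokens[0].lower()                 # directive names are case-insensitive
        directives.setdefault(name, tokens[1:])  # duplicate directive: first one wins
    return directives


def has_framing_protection(headers):
    """headers: iterable of (name, value) pairs taken from an HTTP response."""
    for name, value in headers:
        lname = name.lower()
        if lname == "x-frame-options":
            if value.strip().upper() in ("DENY", "SAMEORIGIN"):
                return True
        elif lname == "content-security-policy":
            # One header value may carry several comma-separated policies.
            for policy in value.split(","):
                sources = csp_directives(policy).get("frame-ancestors")
                # Present and not a bare wildcard: framing is restricted.
                if sources is not None and "*" not in sources:
                    return True
        # Content-Security-Policy-Report-Only is skipped: it only reports.
    return False


# Constructed sample responses.
CSP_ONLY = [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'")]
XFO_ONLY = [("X-Frame-Options", "deny")]
REPORT_ONLY = [("Content-Security-Policy-Report-Only", "frame-ancestors 'none'")]
WILDCARD = [("Content-Security-Policy", "frame-ancestors *")]
UNPROTECTED = [("Content-Type", "application/json")]

if __name__ == "__main__":
    for label, hdrs in [("csp", CSP_ONLY), ("xfo", XFO_ONLY), ("report-only", REPORT_ONLY),
                        ("wildcard", WILDCARD), ("none", UNPROTECTED)]:
        print(label, has_framing_protection(hdrs))
```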