GSA / 889-tool

Web service for determining 889 compliance of vendors

Dependabot Alert: follow-redirects' Proxy-Authorization header kept across hosts #208

Open JennaySDavis opened 3 months ago

JennaySDavis commented 3 months ago

When using Axios, its dependency library follow-redirects only clears the authorization header during cross-domain redirects but also allows the proxy-authentication header, which contains credentials. https://github.com/GSA/889-tool/pull/204
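The header handling this alert concerns, as an added example that is not part of the original comment and is not code from follow-redirects, Axios or the 889-tool: a redirect filter run once with a credential list that omits `Proxy-Authorization` and once with a list that includes it. The helper names, the trust rule (same host or subdomain, no https downgrade) and the sample URLs and header values are assumptions constructed for illustration.

```javascript
'use strict';

// Header names treated as credentials (hypothetical lists for this example).
// WEAK_LIST mirrors the behaviour described in the alert: Proxy-Authorization
// is not on it, so it survives a cross-host redirect.
const WEAK_LIST = ['authorization', 'cookie'];
const HARDENED_LIST = ['authorization', 'proxy-authorization', 'cookie'];

// True when the redirect stays on the same host (or a subdomain of it)
// and does not downgrade from https to another scheme.
function isTrustedHop(from, to) {
  const a = new URL(from);
  const b = new URL(to);
  const sameOrSub =
    b.hostname === a.hostname || b.hostname.endsWith('.' + a.hostname);
  const downgrade = a.protocol === 'https:' && b.protocol !== 'https:';
  return sameOrSub && !downgrade;
}

// Returns a copy of `headers` for the redirected request, dropping every
// header on the `sensitive` list when the hop is not trusted.
function headersForRedirect(headers, from, to, sensitive = HARDENED_LIST) {
  const trusted = isTrustedHop(from, to);
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    // HTTP header names are case-insensitive, so compare in lower case.
    if (!trusted && sensitive.includes(name.toLowerCase())) continue;
    out[name] = value;
  }
  return out;
}

// Constructed sample request and redirect target (placeholder values).
const sample = {
  Accept: 'application/json',
  Authorization: 'Bearer EXAMPLE-TOKEN',
  'Proxy-Authorization': 'Basic EXAMPLE-CREDENTIALS',
};
const FROM = 'https://api.example.test/v1/vendors';
const TO = 'https://other.example.net/landing';

const weak = headersForRedirect(sample, FROM, TO, WEAK_LIST);
const hardened = headersForRedirect(sample, FROM, TO);
console.log('weak list forwards:', Object.keys(weak));
console.log('hardened list forwards:', Object.keys(hardened));
```

A regression test for the dependency upgrade can assert the same property: after a cross-host redirect, the outgoing request carries none of the credential headers.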

JennaySDavis commented 3 weeks ago

#208 Acceptance Criteria

Pass/Fail Description
Pass Full Regression Testing of the 889 Tool

Comments/Additional Notes N/A

ADA Compliance (Automated scan via Chrome Lighthouse)

Criteria Score
Performance 98
Accessibility 96
Best Practices 93

Passed 06/10/2024 - JSD

LoraBradford commented 3 weeks ago

No issues detected, understand that tickets are being created to improve testing scores, moving to done, thank you!