Closed Techbrunch closed 8 months ago
I think it works:
metadata:
language: v1-beta
name: "Server-sent events detection"
description: "Checks for usage of server-sent events."
tags: "passive"
given response then
if "text/event-stream" in {latest.request.headers} or
"text/event-stream" in {latest.response.headers} then
report issue:
severity: info
confidence: certain
detail: "The application appears to be using server-sent events."
end if
We have created a simple BCheck to flag response with
Content-Type: text/event-stream
:We would like to also check the request for
Accept: text/event-stream
in the same BCheck but that does not appear to be possible.Basically what we would like is
given request or response contains text/event-stream then report issue
.