jbrun001 / roombooking

Creative Commons Zero v1.0 Universal

Security. v0 aggressive test. Low. X-Content-Type-Options Header Missing. It looks like for images served from the /media and the css served from the /styles location there is no content type set or it isn't set to 'nosniff'. Research is required to see if a content header can be set for these folders, which when used are accessed via / in the application. Examples are styles.css, person-green.png etc., but no pages #43

Closed jbrun001 closed 7 months ago

jbrun001 commented 8 months ago

https://github.com/jbrun001/roombooking/blob/main/Security%20v0%20full%20test%20results%202024-03-05-ZAP-Report-.zip Full zipped security report with detailed results is here - please don't unzip it into the roombooking folder as it's quite large.

jbrun001 commented 7 months ago

Moved the security header code to before the definition of the static routes, now the headers apply to the resources in the static routes as well as the pages.
