luh2 / DetectDynamicJS

The DetectDynamicJS Burp Extension provides an additional passive scanner that tries to find differing content in JavaScript files and aid in finding user/session data.
GNU General Public License v3.0
65 stars 19 forks

Reduce false positives and number of requests sent #16

Closed soffensive closed 5 years ago

soffensive commented 5 years ago

1) Reduce false positives by using a different approach for detecting JavaScript extensions. The current way will, for example, detect "jspa" as a script file. Another approach would be a more sophisticated way, for example, by rating/weighing the different criteria (content-type, file extension, mime-type ...)

2) Reduce number of requests sent by the extension by examining whether there is any authentication information in the base request at all.

soffensive commented 5 years ago

I just noticed for number 2) there is already a method hasAuthenticationCharacteristic, but it does not seem to work.

soffensive commented 5 years ago

It seems there is an incorrect not that will cause the hasAuthenticationCharacteristic to always return true:

return any(h for h in self.ifields if h not in str(hfields).lower())

This coding style makes it hard to discover bugs / determine the actual behaviour, since the any() is error-prone and there are too many statements in a single line.
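Added example, not part of the thread or the extension's own code: the quoted expression next to one possible correction, run over constructed request headers. `AUTH_INDICATORS` stands in for `self.ifields` (its real contents are not shown on this page), and the header list is assumed to be a list of strings with the request line first.

```python
# Assumed stand-in for self.ifields; the extension's real list is not shown here.
AUTH_INDICATORS = ("cookie", "authorization")


def has_auth_buggy(headers):
    """The quoted expression: yields every indicator that is MISSING, so it is
    True as soon as one indicator is absent, even on an anonymous request."""
    return any(h for h in AUTH_INDICATORS if h not in str(headers).lower())


def has_auth_fixed(headers):
    """True only if a header *name* is one of the indicators.

    Matching names rather than the stringified list is a design choice of
    this example: it avoids hits on URLs or header values containing 'cookie'.
    """
    for line in headers:
        name, sep, _value = line.partition(":")
        if not sep or " " in name:
            # Request line or malformed header: no usable header name.
            continue
        if name.strip().lower() in AUTH_INDICATORS:
            return True
    return False


# Constructed sample requests (not captured traffic).
ANON = ["GET /static/app.js HTTP/1.1", "Host: example.test", "Accept: */*"]
URL_ONLY = ["GET /cookie-policy.js HTTP/1.1", "Host: example.test"]
COOKIE = ANON + ["Cookie: session=constructed-value"]
BOTH = COOKIE + ["Authorization: Bearer constructed-token"]

if __name__ == "__main__":
    samples = (("anon", ANON), ("url", URL_ONLY), ("cookie", COOKIE), ("both", BOTH))
    for label, req in samples:
        print(label, has_auth_buggy(req), has_auth_fixed(req))
```

With the inverted test, the anonymous request is reported as authenticated, so the extension would still send its extra request for it.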

luh2 commented 5 years ago

Awesome pull request as usual! Thanks. It's merged.