rfc-st / humble

A humble, and fast, security-oriented HTTP headers analyzer.
https://github.com/rfc-st/humble
MIT License

X-Permitted-Cross-Domain-Policies Header #8

Closed manuel-sommer closed 1 year ago

manuel-sommer commented 1 year ago

According to the OWASP Secure Headers Project, the HTTP header X-Permitted-Cross-Domain-Policies should also be used. A check is missing regarding this header.

manuel-sommer commented 1 year ago

@rfc-st I recommend you add this project to Hacktoberfest, as you may then also receive more PRs.

rfc-st commented 1 year ago

Hello!

Thanks for your suggestion. I have included the check of this header in https://github.com/rfc-st/humble/commit/1bef54ca41cf6f1df0bb62e9421fe000e552c06c.

I cannot accept your PR for several reasons: it is not complete (this tool can show results in English and Spanish, so the corresponding files must also be modified to show the messages in both languages). Additionally, your PR removes an insecure-value check for this header, which I think is necessary.

I have included your suggestion at https://github.com/rfc-st/humble/#acknowledgements. Thanks again for your time!

Best regards,
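For readers who want to see what a presence-plus-insecure-value check for this header looks like, here is an added stand-alone example; it is not humble's own code or the commit linked above, and it assumes the OWASP recommendation of the value `none` and treats `all` as the insecure value to flag.

```python
# Added example, not humble's implementation: check the
# X-Permitted-Cross-Domain-Policies response header for presence and
# for an insecure value. The value set follows the Adobe cross-domain
# policy specification; "none" is the value OWASP recommends.
from typing import Mapping, Optional

HEADER = "X-Permitted-Cross-Domain-Policies"

# Values defined by the specification.
VALID_VALUES = {"none", "master-only", "by-content-type",
                "by-ftp-filename", "all"}

# "all" lets any policy file on the host grant cross-domain access,
# so it is the value reported as insecure.
INSECURE_VALUES = {"all"}


def _find_header(headers: Mapping[str, str]) -> Optional[str]:
    """Return the header value (normalised) or None; names are
    matched case-insensitively, as HTTP header names are."""
    for name, raw in headers.items():
        if name.lower() == HEADER.lower():
            return raw.strip().lower()
    return None


def check_permitted_cross_domain_policies(headers: Mapping[str, str]) -> list:
    """Return a list of findings; an empty list means no issue found."""
    value = _find_header(headers)
    if value is None:
        return [f"{HEADER}: header missing (recommended value: none)"]
    if value in INSECURE_VALUES:
        return [f"{HEADER}: insecure value '{value}' (use none)"]
    if value not in VALID_VALUES:
        return [f"{HEADER}: unknown value '{value}' (expected one of "
                f"{', '.join(sorted(VALID_VALUES))})"]
    return []


if __name__ == "__main__":
    # Constructed sample response headers, not captured from a real server.
    samples = {
        "missing": {"Content-Type": "text/html"},
        "insecure": {"x-permitted-cross-domain-policies": "ALL"},
        "secure": {"X-Permitted-Cross-Domain-Policies": "none"},
    }
    for label, hdrs in samples.items():
        print(label, check_permitted_cross_domain_policies(hdrs) or "OK")
```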