search

securityheaders / securityheaders-bugs

Bug tracker for https://securityheaders.io
20 stars 0 forks source link

API response property types are not consistent #109

Closed sverrets closed 1 year ago

sverrets commented 1 year ago

When the properties missingHeaders and validationErrors has values, they are objects (eg. https://www.vg.no/):

"missingHeaders": {
      "Referrer-Policy": {
          "missing": "<a href=\"https://scotthelme.co.uk/a-new-security-header-referrer-policy/\" target=\"_blank\">Referrer Policy</a> is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites.",
          "key": "Referrer-Policy"
      }
  },
  "validationErrors": {
      "Permissions-Policy": "We didn't detect a viable policy."
  },

However, when a site is not missing any headers or has any validation errors, missingHeaders and validationErrors are empty arrays and not objects (eg. https://www.parker.com/):

 "missingHeaders": [],
 "validationErrors": [],

This makes it really hard and inconvenient to deserialize the response. Is this a bug, or am I missing something?

ScottHelme commented 1 year ago

Yes, this was a bug and should now be fixed. Could you confirm and close the issue if you're happy?