Fix OWASP ZAP false positive

Neil Martinsen-Burrell 2022-12-01 10:56:51 -06:00
parent 668f323e44
commit 6f95d32fd4
No known key found for this signature in database
GPG key ID: 6A3C818CC10D0184


@ -48,7 +48,7 @@
10038 OUTOFSCOPE http://app:8080/public/img/.*
10038 OUTOFSCOPE http://app:8080/public/css/.*
10038 OUTOFSCOPE http://app:8080/public/js/.*
10038 OUTOFSCOPE http://app:8080/(robots.txt|sitemap.xml)
10038 OUTOFSCOPE http://app:8080/(robots.txt|sitemap.xml|TODO)
# OIDC isn't configured in the test environment and DEBUG=True so this gives a 500 without CSP headers
10038 OUTOFSCOPE http://app:8080/openid/login/
10039 FAIL (X-Backend-Server Header Information Leak - Passive/beta)
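
Review bot: The new `TODO` alternative in the rule 10038 exclusion `http://app:8080/(robots.txt|sitemap.xml|TODO)` has no explanation, and the name reads like a placeholder route rather than a deliberate exception. The OIDC exclusion just below carries a comment saying why that response lacks CSP headers; add the same kind of comment here stating what `/TODO` serves and why the missing header is a false positive, so the suppression can be removed when the route goes away. If the response is real application output, sending the header is preferable to widening the out-of-scope list. While touching this line, consider escaping the dots in `robots.txt` and `sitemap.xml`, since an unescaped `.` in a regex matches any character and the pattern covers more URLs than the two files it names.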