We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
From #94
CWE: 346
(NEW) Description:A Content Security Policy is not explicitly defined within the web-application.
res.statusCode = err.statusCode; res.write(JSON.stringify({ status: err.statusCode, error: err.message, origin: [/fgt-api/middleware.js](https://github.com/PharmaLedger-IMI/fgt-workspace/blob/master/fgt-api/middleware.js#L8) - write line 8
The text was updated successfully, but these errors were encountered:
Being a REST application/json server, adding a Content-Security-Policy should not be needed.
Nevertheless, if we add a Content-Security-Policy it does not seem to hurt the normal REST services functionality (according to https://stackoverflow.com/questions/37819249/what-does-it-mean-to-set-a-content-security-policy-on-response-to-a-non-html-req ) so it should be ok to set a CSP header, just to turn off the security scan vulnerability.
Sorry, something went wrong.
#110 - add a CSP to REST response
9726014
Released to TST on v0.10.4
joaoluis-pdm
No branches or pull requests
From #94
CWE: 346
(NEW) Description:A Content Security Policy is not explicitly defined within the web-application.
The text was updated successfully, but these errors were encountered: