mirror of
https://github.com/project-zot/zot.git
synced 2024-12-16 21:56:37 -05:00
e63faa8898
The zap scanner started to check the csp header, which is causing a warning. We also need to ignore the rule, as both settings are read by the scanner. Per https://w3c.github.io/webappsec-csp/#example-7bb4ce67 we can have multiple Content-Security-Policy headers, and the most restrictive policies apply. This rule doesn't seem to be applied by zap.

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
3.4 KiB
```
# zap-baseline rule configuration file
# Change WARN to IGNORE to ignore rule or FAIL to fail if rule matches
# Only the rule identifiers are used - the names are just for info
# You can add your own messages to each rule by appending them after a tab on each line.
```
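An added example, not part of the zot repository or of ZAP: a small linter for the tab-separated layout the header comments describe, which flags malformed lines and lists rules set to IGNORE with no appended message explaining the suppression. The rule ids and names are constructed placeholders, and the accepted action set is assumed to be only the three actions the comments name.

```python
# Actions named in the file's header comments (assumption: no others are checked).
VALID_ACTIONS = {"WARN", "IGNORE", "FAIL"}

# Constructed sample; ids and names are placeholders, not zot's real rules.
SAMPLE = (
    "# zap-baseline rule configuration file\n"
    "90001\tWARN\t(Placeholder rule A)\n"
    "90002\tIGNORE\t(Placeholder rule B)\theader is set by the reverse proxy\n"
    "90003\tIGNORE\t(Placeholder rule C)\n"
    "90004 IGNORE (Placeholder rule D)\n"   # spaces instead of tabs
    "90005\tSKIP\t(Placeholder rule E)\n"   # action not in VALID_ACTIONS
    "90002\tWARN\t(Placeholder rule B)\n"   # duplicate identifier
)


def parse_rules(text):
    """Return (rules, problems); rules maps id -> action, name, message."""
    rules, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 2:
            problems.append((lineno, "not tab-separated"))
            continue
        rule_id, action = fields[0], fields[1]
        if not rule_id.isdigit():
            problems.append((lineno, "identifier is not numeric"))
        elif action not in VALID_ACTIONS:
            problems.append((lineno, "unknown action " + action))
        elif rule_id in rules:
            problems.append((lineno, "duplicate identifier " + rule_id))
        else:
            rules[rule_id] = {
                "action": action,
                "name": fields[2] if len(fields) > 2 else "",
                # Anything after the name is the optional custom message.
                "message": "\t".join(fields[3:]),
            }
    return rules, problems


def unjustified_ignores(rules):
    """Ids of rules set to IGNORE that carry no explanatory message."""
    return sorted(rid for rid, r in rules.items()
                  if r["action"] == "IGNORE" and not r["message"])


if __name__ == "__main__":
    parsed, issues = parse_rules(SAMPLE)
    print("problems:", issues)
    print("IGNORE without a message:", unjustified_ignores(parsed))
```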