One of the comments on https://github.com/zaproxy/zap-extensions/pull/473 (now outdated, so I dont think I can link to it directly) was a suggestion to introduce a helper method for setting the response headers rather than repeating the same info each time. I must admit I kind of like seeing the full headers as plain text, but maybe thats because I'm used to looking at them in ZAP ;) Any preferences for or against using such helper methods? I'm happy to go with the flow...
psiinon
未读,
2016年8月4日 10:38:402016/8/4
回复作者
登录即可回复作者
转发
登录即可转发
删除
您无权在此群组中删除帖子
复制链接
举报消息
请登录以举报消息
显示原始帖子
要么此群组的电子邮件地址为匿名状态,要么您得查看成员电子邮件地址权限才能查看原始帖子
收件人 OWASP ZAP Developer Group
I've updated https://github.com/zaproxy/zap-extensions/pull/473 based on more comments received, and also updated the X-Frame-Options rule to only report issues at LOW threshold if the CSP 'frame-ancestors' element is present.