-
-
Notifications
You must be signed in to change notification settings - Fork 584
chore: fix pen tests CI #7479
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: master
Are you sure you want to change the base?
chore: fix pen tests CI #7479
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Copilot reviewed 1 out of 1 changed files in this pull request and generated no comments.
COMPARE TO
|
Name | Diff |
---|---|
.zap/rules.conf | 📈 +640 Bytes |
10055 IGNORE (CSP: script-src unsafe-hashes) | ||
10055 IGNORE (CSP: script-src unsafe-inline) | ||
10055 IGNORE (CSP: style-src unsafe-inline) | ||
|
||
# Experience app is rendered under the root path. No hidden files are exposed. A 404 experience page will be returned. | ||
40035 IGNORE (Hidden File Found - Active/release) | ||
|
||
# Auth status page requires specific headers for iframe storage access | ||
10020 IGNORE (X-Frame-Options Header Not Set) | ||
10021 IGNORE (X-Content-Type-Options Header Missing) | ||
10049 IGNORE (Storable and Cacheable Content) | ||
10038 IGNORE (Content Security Policy (CSP) Header Not Set) | ||
|
||
# Cross-origin headers are disabled for Google One Tap iframe compatibility | ||
90004 IGNORE (Insufficient Site Isolation Against Spectre Vulnerability) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there a way to ignore these rules conditionally?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should not ignore all these rules globally. Should add these headers to the auth status page as well.
Summary
fix pen tests CI
Testing
Later test with CI.
Checklist
.changeset