Commit ea84133

fix: CSP/CDN related medium alerts
1 parent 496033a commit ea84133

4 files changed

Lines changed: 17 additions & 20 deletions

.zap/rules-backend.tsv

Lines changed: 9 additions & 8 deletions
@@ -1,16 +1,17 @@
1+
10049 IGNORE (Non-Storable Content)
2+
10054 IGNORE (Cookie with SameSite Attribute None)
3+
10054 IGNORE (Cookie without SameSite Attribute)
14
10055 IGNORE (CSP: Failure to Define Directive with No Fallback)
25
10055 IGNORE (CSP: style-src unsafe-inline)
6+
10063 IGNORE (Deprecated Feature Policy Header Set)
7+
10096 IGNORE (Timestamp Disclosure - Unix)
38
10098 IGNORE (Cross-Domain Misconfiguration)
9+
10104 IGNORE (User Agent Fuzzer)
10+
10109 IGNORE (Modern Web Application)
11+
10112 IGNORE (Session Management Response Identified)
12+
40025 IGNORE (Proxy Disclosure)
413
90003 IGNORE (Sub Resource Integrity Attribute Missing)
5-
10054 IGNORE (Cookie with SameSite Attribute None)
6-
10054 IGNORE (Cookie without SameSite Attribute)
714
90004 IGNORE (Cross-Origin-Embedder-Policy Header Missing or Invalid)
815
90004 IGNORE (Cross-Origin-Opener-Policy Header Missing or Invalid)
916
90004 IGNORE (Cross-Origin-Resource-Policy Header Missing or Invalid)
10-
10063 IGNORE (Deprecated Feature Policy Header Set)
11-
10096 IGNORE (Timestamp Disclosure - Unix)
1217
90027 IGNORE (Cookie Slack Detector)
13-
10109 IGNORE (Modern Web Application)
14-
10049 IGNORE (Non-Storable Content)
15-
10112 IGNORE (Session Management Response Identified)
16-
10104 IGNORE (User Agent Fuzzer)
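
Review bot: New line 12 adds `40025 IGNORE (Proxy Disclosure)`, a suppression that did not exist before, while every other change in this hunk only moves existing entries into numeric order. The commit subject says CSP/CDN alerts are fixed, so a newly ignored alert needs its own justification: state why proxy disclosure is acceptable for the backend, or fix the response that discloses it instead. Putting the re-sort in a separate commit would make this one behavioural change easy to find in history.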

.zap/rules-frontend.tsv

Lines changed: 8 additions & 7 deletions
@@ -1,13 +1,14 @@
1+
10049 IGNORE (Non-Storable Content)
2+
10054 IGNORE (Cookie with SameSite Attribute None)
13
10055 IGNORE (CSP: Failure to Define Directive with No Fallback)
24
10055 IGNORE (CSP: style-src unsafe-inline)
5+
10063 IGNORE (Deprecated Feature Policy Header Set)
6+
10096 IGNORE (Timestamp Disclosure - Unix)
7+
10109 IGNORE (Modern Web Application)
8+
10112 IGNORE (Session Management Response Identified)
9+
40025 IGNORE (Proxy Disclosure)
310
90003 IGNORE (Sub Resource Integrity Attribute Missing)
4-
10054 IGNORE (Cookie with SameSite Attribute None)
511
90004 IGNORE (Cross-Origin-Embedder-Policy Header Missing or Invalid)
612
90004 IGNORE (Cross-Origin-Opener-Policy Header Missing or Invalid)
713
90004 IGNORE (Cross-Origin-Resource-Policy Header Missing or Invalid)
8-
10063 IGNORE (Deprecated Feature Policy Header Set)
9-
10096 IGNORE (Timestamp Disclosure - Unix)
10-
90027 IGNORE (Cookie Slack Detector)
11-
10109 IGNORE (Modern Web Application)
12-
10049 IGNORE (Non-Storable Content)
13-
10112 IGNORE (Session Management Response Identified)
14+
90027 IGNORE (Cookie Slack Detector)
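
Review bot: `90003 IGNORE (Sub Resource Integrity Attribute Missing)` stays at new line 10 even though this commit removes the fonts.googleapis.com links from frontend/index.html, the only cross-origin resources visible in the change. If no other third-party scripts or stylesheets remain, drop this IGNORE so ZAP reports any that are added later without an integrity attribute. This hunk also introduces `40025 IGNORE (Proxy Disclosure)` at new line 9 as a new suppression among the reordered entries; say in the commit message why it is accepted for the frontend.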

frontend/index.html

Lines changed: 0 additions & 3 deletions
@@ -9,8 +9,6 @@
99
<link rel="apple-touch-icon" href="bcid-apple-touch-icon.png">
1010
<link rel="stylesheet" href="/styles/fonts.css">
1111
<link rel="stylesheet" href="/styles/common.css">
12-
<link rel="preload" href="https://fonts.googleapis.com/css?family=Material+Icons" as="style">
13-
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Material+Icons">
1412
<title>My ChildCareBC Services</title>
1513
</head>
1614
<body>
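
Review bot: Deleting the two Material Icons links at old lines 12-13 leaves no visible source for that font; the hunk shows `/styles/fonts.css` still loaded at line 10, but not that it declares a Material Icons `@font-face`. Confirm the icon font is self-hosted or bundled, otherwise icon ligatures will render as plain text. Once that is confirmed, any fonts.googleapis.com allowance in the CSP style-src can be removed as part of the same change.
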
@@ -20,7 +18,6 @@
2018
<div id="app"></div>
2119
<script src="/js/config/config.js"></script>
2220
<script type="module" src="/src/main.js"></script>
23-
<script src="/js/config/snowplow.js"></script>
2421
<!-- built files will be auto injected -->
2522
</body>
2623
</html>
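
Review bot: The `<script src="/js/config/snowplow.js"></script>` tag at old line 23 is removed and the file itself is deleted, but nothing in this change shows that code depending on it was removed too. Search the code under /src for snowplow references before merging, since anything that expected this script to have run will now fail at runtime, and remove any CSP script-src or connect-src entries that existed only for it. The commit message should also say that the Snowplow script is being dropped, because "CSP/CDN related medium alerts" does not tell a reader that it was removed.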

frontend/public/js/config/snowplow.js

Lines changed: 0 additions & 2 deletions
This file was deleted.
