flask-secure-headers icon indicating copy to clipboard operation
flask-secure-headers copied to clipboard

Published 20 hours ago verified publisher icon twaldear

SimpleHeader validation only validates 1 param

Open jhorman opened this issue 8 years ago • 0 comments

SimpleHeader.check_valid seems to only end up checking 1 param before returning True, and so not all the validation happens I think.

https://github.com/twaldear/flask-secure-headers/blob/master/flask_secure_headers/headers.py#L11

Also, I am getting a validation exception for the default values, in cases where it does end up hitting the validate for report-uri.

https://github.com/twaldear/flask-secure-headers/blob/master/flask_secure_headers/core.py#L37

Defaults to /hpkp_report but

https://github.com/twaldear/flask-secure-headers/blob/master/flask_secure_headers/headers.py#L101

Says only * is valid, unless I am reading it wrong.

jhorman avatar May 12 '17 21:05 jhorman