docker-nginx-fpm-alpine
ZAP Full Scan Report
Site: http://localhost:8080
New Alerts
- Bypassing 403 [40038] total: 5:
- Vulnerable JS Library [10003] total: 1:
- Dangerous JS Functions [10110] total: 3:
- Permissions Policy Header Not Set [10063] total: 11:
- Non-Storable Content [10049] total: 3:
- Storable and Cacheable Content [10049] total: 8:
Ignored Alerts
- Absence of Anti-CSRF Tokens [10202] total: 3:
- CSP: Wildcard Directive [10055] total: 6:
- CSP: script-src unsafe-eval [10055] total: 6:
- CSP: Header & Meta [10055] total: 3:
- Information Disclosure - Suspicious Comments [10027] total: 16:
- Modern Web Application [10109] total: 3:
View the following link to download the report. RunnerID:6715206329
Storable and Cacheable Content
Are we missing some caching headers for these, @elrido?
To me these reports are confusing: the JS and CSS are reported because they are cacheable, while the dynamic content is reported because it's not. There should not be any special headers necessary for browsers to cache static content. For the dynamic content we do emit a limited lifetime for caching as a header.
Maybe it is because that caching is then only a heuristic and not reliable? I did not find a guideline right now, but maybe one should explicitly specify how long it should cache stuff like this?
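To make the distinction behind these two alerts concrete, here is an added example (not code from the PrivateBin image, from ZAP, or from anyone in this thread) that classifies a response the way a cache does under RFC 7234 sections 3 and 4.2: whether it may be stored at all, and whether its freshness lifetime is explicit (`max-age`, `s-maxage`, `Expires`) or only heuristic. The alert names in rule 10049 follow that RFC vocabulary as I read it, but the exact lines ZAP draws may differ from this code. All sample responses are constructed for the example.

```python
"""Classify HTTP responses by storability and cacheability under RFC 7234.

Added example for this thread, not code from the PrivateBin image or from ZAP.
It applies my reading of RFC 7234 sections 3 and 4.2; ZAP's own rule 10049
may draw its lines slightly differently. All sample responses are constructed.
"""
from email.utils import parsedate_to_datetime

# Status codes a cache may store without explicit freshness (RFC 7231 section 6.1),
# reusing them under heuristic freshness (RFC 7234 section 4.2.2).
HEURISTICALLY_CACHEABLE = {200, 203, 204, 206, 300, 301, 404, 405, 410, 414, 501}


def parse_cache_control(value):
    """Return {directive: argument or None} from a Cache-Control value, case-insensitive."""
    directives = {}
    for token in value.split(","):
        token = token.strip()
        if token:
            name, _, arg = token.partition("=")
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def explicit_lifetime(cc, headers, shared_cache):
    """Explicit freshness lifetime in seconds, or None if the response states none.

    Precedence per RFC 7234 section 4.2.1: s-maxage (shared caches only), then
    max-age, then Expires relative to Date.
    """
    if shared_cache and cc.get("s-maxage") is not None:
        return int(cc["s-maxage"])
    if cc.get("max-age") is not None:
        return int(cc["max-age"])
    if "expires" in headers:
        try:
            expires = parsedate_to_datetime(headers["expires"])
            date = parsedate_to_datetime(headers["date"])
            return int((expires - date).total_seconds())
        except (KeyError, TypeError, ValueError):
            # An unparsable Expires such as "0" means "already expired" (RFC 7234 5.3).
            return 0
    return None


def classify(status, headers, shared_cache=True):
    """Return (classification, freshness) for one response.

    classification: "non-storable", "storable, not cacheable", "storable and cacheable"
    freshness: "explicit", "heuristic", or None when the response cannot be reused as-is
    """
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))

    # RFC 7234 section 3: no-store forbids storing; private forbids storing in shared caches.
    if "no-store" in cc or (shared_cache and "private" in cc):
        return "non-storable", None

    lifetime = explicit_lifetime(cc, h, shared_cache)
    if lifetime is None and status not in HEURISTICALLY_CACHEABLE:
        # Such a status is storable only with explicit freshness, and there is none.
        return "non-storable", None

    # Stored, but every reuse needs revalidation: no-cache, or a lifetime already over.
    if "no-cache" in cc or (lifetime is not None and lifetime <= 0):
        return "storable, not cacheable", None

    return "storable and cacheable", "explicit" if lifetime is not None else "heuristic"


# Constructed sample responses (not captured from the image).
SAMPLES = {
    # A static asset served with no Cache-Control at all: storable, freshness only heuristic.
    "static js": (200, {"Content-Type": "application/javascript",
                        "Date": "Sat, 11 Nov 2023 12:00:00 GMT"}),
    # A dynamic page telling caches not to keep it.
    "dynamic page": (200, {"Content-Type": "text/html",
                           "Cache-Control": "no-store, no-cache, must-revalidate"}),
    # The same asset with an explicit lifetime, which is what makes reuse predictable.
    "static js, explicit": (200, {"Content-Type": "application/javascript",
                                  "Cache-Control": "public, max-age=31536000, immutable"}),
    # Explicit lifetime expressed through Expires and Date instead of max-age.
    "expires": (200, {"Date": "Sat, 11 Nov 2023 12:00:00 GMT",
                      "Expires": "Sat, 11 Nov 2023 12:10:00 GMT"}),
    # private: the browser may store it, a shared proxy cache may not.
    "private api": (200, {"Cache-Control": "private, max-age=60"}),
}


def report(shared_cache=True):
    """Classify every sample; shared_cache=False models a browser's private cache."""
    return {name: classify(status, hdrs, shared_cache)
            for name, (status, hdrs) in SAMPLES.items()}


if __name__ == "__main__":
    for name, (cls, fresh) in report().items():
        print(f"{name:22} -> {cls}" + (f" ({fresh} freshness)" if fresh else ""))
```

Running it shows the pattern from the scan: the bare static asset lands in "storable and cacheable" with heuristic freshness only, the `no-store` dynamic page in "non-storable". If the goal is to make the lifetime explicit, nginx can set it on the static location with `expires` or `add_header Cache-Control "public, max-age=..."`; which directive, if any, the image's config already uses is an assumption here, not something taken from the thread.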