23 lines
1.1 KiB
Text
23 lines
1.1 KiB
Text
# connect-src wildcard is required for the API to work when called from external instances
|
|
10055 IGNORE (CSP: Wildcard Directive)
|
|
# the image is intended for being used behind a reverse-proxy, so TLS termination is already done
|
|
10106 IGNORE (HTTP Only Site)
|
|
# the code is open-source, no special information here
|
|
10027 IGNORE (Information Disclosure - Suspicious Comments)
|
|
40034 IGNORE (.env Information Leak)
|
|
# it doesn't seem to like that we configured our nginx to not respond to directory paths
|
|
10104 IGNORE (User Agent Fuzzer)
|
|
# the supposed timestamps are actually rgba values in hex notation or the fractional part of percentages in CSS files
|
|
10096 IGNORE (Timestamp Disclosure - Unix)
|
|
# we have no authentication so CSRF is not possible, the detected password form is only used interactively
|
|
10202 IGNORE (Absence of Anti-CSRF Tokens)
|
|
20012 IGNORE (Anti-CSRF Tokens Check)
|
|
# glad we are considered modern
|
|
10109 IGNORE (Modern Web Application)
|
|
#
|
|
#
|
|
# false-positives
|
|
#
|
|
# again we return 200 to some strange URL
|
|
90034 IGNORE (Cloud Metadata Potentially Exposed)
|
|
40035 IGNORE (Hidden File Found)
|