1,3 KiB
1,3 KiB
| 1 | # connect-src wildcard is required for the API to work when called from external instances |
|---|---|
| 2 | # the image is intended for being used behind a reverse-proxy, so TLS termination is already done |
| 3 | # the code is open-source, no special information here |
| 4 | # it doesn't seem to like that we configured our nginx to not respond to directory paths |
| 5 | # the supposed timestamps are actually rgba values in hex notation or the fractional part of percentages in CSS files |
| 6 | # we have no authentication so CSRF is not possible, the detected password form is only used interactively |
| 7 | # glad we are considered modern |
| 8 | # |
| 9 | # |
| 10 | # false-positives |
| 11 | # |
| 12 | # we certainly don't use ASP.NET |
| 13 | # reported: https://github.com/zaproxy/zaproxy/issues/6517 |
| 14 | # this is nginx, not Apache |
| 15 | # reported: https://github.com/zaproxy/zaproxy/issues/6516 |
| 16 | # again we return 200 to some strange URL |