Merge pull request #715 from ckpaliwal/ZAP-fixes
ZAP issues and developer api doc updates
ckpaliwal authored May 21, 2024
2 parents b9d9f16 + f740351 commit 17ff6b1
Showing 3 changed files with 5 additions and 5 deletions.
2 changes: 1 addition & 1 deletion packages/athena/app.js
@@ -643,7 +643,7 @@ function setHeaders(req, res, next) {
res.setHeader('X-Content-Type-Options', 'nosniff'); // suggestion by ibm security
res.setHeader('X-XSS-Protection', '1; mode=block'); // suggestion by ibm security
res.setHeader('X-Frame-Options', 'deny'); // suggestion by ibm security
res.setHeader('Server', ev.ATHENA_VERSION); // needed for ONECLOUD UX302
// res.setHeader('Server', ev.ATHENA_VERSION); // needed for ONECLOUD UX302

let setNoCache = false;
if (req.url.indexOf('/api/') === 0 || req.url.indexOf('/ak/api/') === 0) { // all api routes follow the pattern /api/* and /ak/api/*
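Review bot: The commented-out `res.setHeader('Server', ev.ATHENA_VERSION);` line in setHeaders keeps its trailing comment "needed for ONECLOUD UX302", which now contradicts the code, so a reader cannot tell whether the header is still required or was dropped on purpose. Assuming the commented form is the new side and the intent is to stop advertising the product version in responses, delete the dead line and leave a why-comment in its place, e.g. `// Server header intentionally not set: it disclosed the Athena version to clients`. It is also worth confirming from a captured response that nothing else (a proxy in front, or a framework default such as `X-Powered-By`) still emits a version-bearing header, and that the ONECLOUD UX302 requirement no longer applies. setHeaders starts and ends outside the hunk.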
4 changes: 2 additions & 2 deletions packages/athena/json_docs/default_settings_doc.json
@@ -121,11 +121,11 @@
"csp_header_values": [
"connect-src *",
"default-src 'none'",
"font-src 'self' *.s81c.com fonts.gstatic.com",
"font-src 'self' *.s81c.com",
"frame-ancestors 'none'",
"object-src 'none'",
"img-src 'self' *.ibm.com appboy-images.com",
"script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ibm.com api.segment.com cdn.segment.com console.bluemix.net *.braze.com lpcdn.lpsnmedia.net *.liveperson.net *.kampyle.com",
"script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ibm.com",
"style-src 'self' 'unsafe-inline' *.ibm.com"
],
"host_url": "http://localhost:3000",
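Review bot: The `script-src` entry in `csp_header_values` still carries `'unsafe-inline'` and `'unsafe-eval'` once the third-party hosts are dropped (the shorter line appears to be the new side), so inline and eval'd script stays permitted and the policy does little against injected script; `connect-src *` likewise leaves every destination reachable. If the UI can run without them, the tighter value would be `"script-src 'self' *.ibm.com"`, with nonces or hashes for any inline script that has to stay. As far as this page shows, this file and test/openapi/real_responses.json are a settings document and a recorded response, so the commit may not change what the server actually sends. Confirm that the effective default for csp_header_values was updated the same way, and that no page still loads fonts from fonts.gstatic.com or scripts from the removed hosts.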
4 changes: 2 additions & 2 deletions packages/athena/test/openapi/real_responses.json
@@ -1683,10 +1683,10 @@
"CSP_HEADER_VALUES": [
"connect-src *",
"default-src 'none'",
"font-src 'self' *.s81c.com fonts.gstatic.com",
"font-src 'self' *.s81c.com",
"frame-ancestors 'none'",
"img-src 'self' *.ibm.com appboy-images.com",
"script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ibm.com api.segment.com cdn.segment.com console.bluemix.net *.braze.com lpcdn.lpsnmedia.net *.liveperson.net",
"script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ibm.com",
"style-src 'self' 'unsafe-inline' *.ibm.com"
],
"DB_SYSTEM": "db-bd000d77c84344e5809bef2ca2313319-system",
