fix(csp): upgrade UI and fix zap failure (#1372)
The zap scanner started to check the csp header, which is causing a warning. We also need to ignore the rule, as both settings are read by the scanner. Per https://w3c.github.io/webappsec-csp/#example-7bb4ce67 we can have multiple Content-Security-Policy headers, and the most restrictive policies apply. This rule doesn't seem to be applied by zap. Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
@@ -23,7 +23,7 @@ CRICTL := $(TOOLSDIR)/bin/crictl
|
||||
CRICTL_VERSION := v1.26.1
|
||||
ACTION_VALIDATOR := $(TOOLSDIR)/bin/action-validator
|
||||
ACTION_VALIDATOR_VERSION := v0.2.1
|
||||
ZUI_VERSION := commit-2f94cc3
|
||||
ZUI_VERSION := commit-e0d4417
|
||||
STACKER := $(TOOLSDIR)/bin/stacker
|
||||
BATS := $(TOOLSDIR)/bin/bats
|
||||
TESTDATA := $(TOP_LEVEL)/test/data
|
||||
|
||||