ajinabraham.njsscan.good.good_helmet_checks.helmet_header_check_crossdomain
ajinabrahamAuthor
unknown
Download Count*
License
X-Permitted-Cross-Domain-Policies header set to off. More information: https://helmetjs.github.io/docs/crossdomain/
Run Locally
Run in CI
Defintion
rules:
- id: helmet_header_check_crossdomain
message: "X-Permitted-Cross-Domain-Policies header set to off. More information:
https://helmetjs.github.io/docs/crossdomain/"
languages:
- javascript
severity: INFO
patterns:
- pattern-not: |
$HELMET(..., {permittedCrossDomainPolicies: false}, ...)
- pattern-either:
- pattern: |
permittedCrossDomainPolicies()
- pattern: |
permittedCrossDomainPolicies({ permittedPolicies: ... })
- pattern: |
helmet.permittedCrossDomainPolicies({ permittedPolicies: ... })
- pattern: |
helmet({permittedCrossDomainPolicies: { permittedPolicies: ... }})
- pattern: |
helmet.permittedCrossDomainPolicies()
metadata:
license: LGPL-3.0-or-later
Short Link: https://sg.run/Wx9g