contrib.nodejsscan.good_helmet_checks.helmet_header_check_crossdomain
returntocorpAuthor
99
Download Count*
License
X-Permitted-Cross-Domain-Policies header set to off. More information: https://helmetjs.github.io/docs/crossdomain/
Run Locally
Run in CI
Defintion
rules:
- id: helmet_header_check_crossdomain
message: "X-Permitted-Cross-Domain-Policies header set to off. More information:
https://helmetjs.github.io/docs/crossdomain/"
languages:
- javascript
severity: WARNING
patterns:
- pattern-not: |
$HELMET(..., {permittedCrossDomainPolicies: false}, ...)
- pattern-either:
- pattern: |
permittedCrossDomainPolicies()
- pattern: |
permittedCrossDomainPolicies({ permittedPolicies: ... })
- pattern: |
helmet.permittedCrossDomainPolicies({ permittedPolicies: ... })
- pattern: |
helmet({permittedCrossDomainPolicies: { permittedPolicies: ... }})
- pattern: |
helmet.permittedCrossDomainPolicies()
metadata:
category: security
technology:
- node.js
- express
license: Commons Clause License Condition v1.0[LGPL-2.1-only]
Short Link: https://sg.run/GeZz