Some value does not appear on the HTTP request
incoming-th opened this issue · comments
Hi,
Some value are not appearing in the headers of the request when using console, this triggers some false positive on security reports.
Example from local Laravel 10 environment (WSL2) and bepsvpt/secure-header ^7.3:
But in the network console:
Is this normal? Am I doing something wrong?
That's just one example, it could have other like this.
Thanks
Hey @incoming-th ,
For the keywords such as self
and none
, these must be represented as array keys. Changing your configuration to the following should hopefully fix the issue for you
'frame-ancestors' => [
'none' => true
],
I might raise a new PR to add these options with the default as false in the PR, as I was running into the same issue as you, and took me a while to figure it out