Improve accept header validation #496

Open
Andreass2 opened this issue Nov 18, 2024 · 0 comments
Labels
kind/enhancement Improving existing feature product/meldingstjenesten Issues related to Altinn Correspondence

Comments

@Andreass2
Collaborator

Error found in DAST testing.
"This endpoint does not reject requests that have invalid Accept headers. While not always a security vulnerability, this is unexpected behavior that could lead to client confusion. In some circumstances, this undefined behaviour may increase the threat surface of the application, by reducing the predictability of the API."

"To ensure that only a valid Accept header is allowed by the endpoint, it is prudent to add a validating step or middleware to the request processing pipeline that handles the requests to a given endpoint."

@Andreass2 Andreass2 moved this to 📋 Backlog in Altinn melding og formidling Nov 18, 2024
@Andreass2 Andreass2 added product/meldingstjenesten Issues related to Altinn Correspondence kind/enhancement Improving existing feature labels Nov 18, 2024
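
The validating step the finding recommends could look like the following. This is an added example, not code from this issue or from the Altinn Correspondence project. It assumes a Python WSGI stack, a hypothetical `SUPPORTED` list of media types, a simplified RFC 9110 Accept grammar, and the choice of 400 for a malformed header and 406 for a well-formed header the endpoint cannot satisfy.

```python
import re
SUPPORTED = ("application/json", "application/problem+json")  # assumption: endpoint output types
_TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
_RANGE = re.compile(rf'^({_TOKEN})/({_TOKEN})((?:\s*;\s*{_TOKEN}=(?:{_TOKEN}|"[^";]*"))*)$')
_QVALUE = re.compile(r"0(\.\d{0,3})?|1(\.0{0,3})?")

def parse_accept(header):
    """Return [(type, subtype, q)]; raise ValueError on a malformed header."""
    ranges = []
    for element in filter(None, (e.strip() for e in header.split(","))):
        m = _RANGE.match(element)
        if not m or (m.group(1) == "*" and m.group(2) != "*"):
            raise ValueError(f"malformed media range: {element!r}")
        q = 1.0
        for param in filter(None, (p.strip() for p in m.group(3).split(";"))):
            name, value = param.split("=", 1)
            if name.lower() == "q":
                if not _QVALUE.fullmatch(value):
                    raise ValueError(f"invalid q-value: {value!r}")
                q = float(value)
        ranges.append((m.group(1).lower(), m.group(2).lower(), q))
    return ranges

def acceptable(ranges, supported=SUPPORTED):
    """True if a supported type's most specific matching range has q > 0."""
    for mtype, msub in (media.split("/") for media in supported):
        hits = [((t != "*") + (s != "*"), q) for t, s, q in ranges
                if t in ("*", mtype) and s in ("*", msub)]
        if hits and max(hits)[1] > 0:
            return True
    return False

def check_accept(header):
    """Return None to let the request through, else the rejection status line."""
    if header is None or not header.strip():
        return None  # no Accept header: any media type is acceptable
    try:
        return None if acceptable(parse_accept(header)) else "406 Not Acceptable"
    except ValueError:
        return "400 Bad Request"

def accept_validator(app):
    """WSGI middleware: reject the request before it reaches the wrapped app."""
    def wrapped(environ, start_response):
        rejection = check_accept(environ.get("HTTP_ACCEPT"))
        if rejection is None:
            return app(environ, start_response)
        start_response(rejection, [("Content-Length", "0")])
        return [b""]
    return wrapped
```

Rejecting in middleware keeps the behaviour the same across all endpoints, so a repeat DAST scan sees one predictable response for each invalid Accept header.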