Security Related Headers results in false positive when secure_headers gem is used #188

Open
@monfresh

In my app, I use the secure_headers gem, which takes care of all the issues reported by the Owasp Ror Cheatsheet Security Related Headers. It would be great if dawnscanner could check these two things:

  1. That the secure_headers gem is present in the app's Gemfile.lock

  2. That the application_controller.rb contains the following lines:

    include SecureHeaders
    ensure_security_headers

If both of those conditions are met, then the Security Related Headers issue should not be reported.
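
The two conditions requested above can be checked statically. The following is an added example, not part of the original issue and not dawnscanner's own code; the method names, the sample lockfile, the sample controllers and the version numbers in them are all constructed for illustration.

```ruby
# Hypothetical helpers sketching the requested suppression rule.

# True when the Gemfile.lock text lists secure_headers as a resolved gem.
# Resolved gems sit under a "specs:" line, indented four spaces: "    name (version)".
def secure_headers_locked?(lockfile_text)
  in_specs = false
  lockfile_text.each_line do |line|
    if line =~ /\A\s+specs:\s*\z/
      in_specs = true
    elsif line =~ /\A\S/ # next top-level section, e.g. DEPENDENCIES
      in_specs = false
    elsif in_specs && line =~ /\A {4}secure_headers \(/
      return true
    end
  end
  false
end

# True when both lines from the issue appear as live code, not as comments.
# Simplification: everything after a '#' on a line is treated as a comment.
def secure_headers_enabled?(controller_source)
  code = controller_source.each_line.map { |l| l.sub(/#.*/, "").strip }
  code.include?("include SecureHeaders") &&
    code.any? { |l| l.match?(/\Aensure_security_headers\b/) }
end

# The finding is suppressed only when both conditions hold.
def suppress_security_headers_finding?(lockfile_text, controller_source)
  secure_headers_locked?(lockfile_text) && secure_headers_enabled?(controller_source)
end

# Constructed sample inputs.
LOCK_OK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rails (4.0.0)
      secure_headers (1.0.0)

  DEPENDENCIES
    rails
    secure_headers
LOCK
LOCK_MISSING = LOCK_OK.lines.reject { |l| l.include?("secure_headers") }.join
CONTROLLER_OK = "class ApplicationController < ActionController::Base\n" \
                "  include SecureHeaders\n  ensure_security_headers\nend\n"
CONTROLLER_COMMENTED = CONTROLLER_OK.sub("  ensure_security_headers", "  # ensure_security_headers")
```

A static check of this kind only shows that the gem is installed and wired into the controller; which headers are actually sent still depends on the gem's configuration.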
