Error pages must be secure as well #267
Comments
|
Just committed some code (e8f9944) to track status codes. Having the ability to notify users that the page wasn't 200 (OK) is first step towards making this thing work. |
|
Further work done in: mozilla/http-observatory-website@41e526d. |
|
Looks like things are working now: |
|
Spectacular, April. Thanks for all the hard work and support.
…On Sep 20, 2017 5:53 PM, "April King" ***@***.***> wrote:
Looks like things are working now:
https://observatory.mozilla.org/analyze.html?host=nordicapis.curity.io
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#267 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ACYiowI7JWiJ-gb7BPH20NKuq_mDKV71ks5skTUIgaJpZM4PPU3a>
.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-- @april in #105
This behavior should be changed. The Observatory should report the security ranking of the Web site under test regardless of the HTTP status code returned. If the site returns an error, the HTTP response should not put the visitor or operator at risk.
Therefore, status codes >= 400 should be evaluated in the same manner as those returning a 200.
The text was updated successfully, but these errors were encountered: