Add client_secret to the list of forbidden headers
Closed this issue · 1 comments
javixeneize commented
Description
Drheader can detect headers that leak sensitive information, such as Server or X-Client-IP. We want to add another header, x-ibm-client-secret, to the list of headers that are not allowed.
What I Did
The new header to be added to rules.yml should be:
    X-Ibm-Client-Secret:
        Required: False
        Enforce: False
        Value:
javixeneize commented
Drheader only analyses the headers in the response, and this is in the request. Issue closed.
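The closing comment's point, as an added example that is not drheader's code and not part of the original thread: a forbidden-header check run only over response headers never sees a secret sent in the request. It assumes a rule with `Required: False` means the header must be absent; the function names, the request-side scan and the sample exchange are constructed for illustration.

```python
# Added illustration; not drheader's implementation.
# Rule shape follows the rules.yml entry proposed in the issue.
# Assumption: "Required: False" means the header must NOT be present.
RULES = {
    "Server": {"Required": False, "Enforce": False},
    "X-Client-IP": {"Required": False, "Enforce": False},
    "X-Ibm-Client-Secret": {"Required": False, "Enforce": False},
}


def forbidden_present(headers, rules=RULES):
    """Return the sorted rule names whose header must be absent but is present.

    Header names are compared case-insensitively, as HTTP requires.
    """
    seen = {name.lower() for name in headers}
    return sorted(
        name
        for name, rule in rules.items()
        if rule.get("Required") is False and name.lower() in seen
    )


def audit_exchange(request_headers, response_headers):
    """Check each direction separately (hypothetical helper).

    A response-only scanner corresponds to the "response" key alone.
    """
    return {
        "request": forbidden_present(request_headers),
        "response": forbidden_present(response_headers),
    }


# Constructed sample exchange; the secret value is a placeholder.
SAMPLE_REQUEST = {
    "Host": "api.example.test",
    "x-ibm-client-secret": "PLACEHOLDER",
    "Accept": "application/json",
}
SAMPLE_RESPONSE = {
    "Content-Type": "application/json",
    "Server": "example-httpd",
}

if __name__ == "__main__":
    print(audit_exchange(SAMPLE_REQUEST, SAMPLE_RESPONSE))
```

The rule would only fire on a response if the server echoed the header back; catching it in requests needs a check on the client or gateway side.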