putyourlightson/craft-sherlock

Option to skip tests or pass without any warnings

Closed this issue · 2 comments

The X-Frame-Options test fails when it's either 1) disabled or 2) its value is set to something other than DENY or SAMEORIGIN.

However, this header has to be disabled or its value set to a specific domain when it's required to load the front-end in an iframe, for example when the control panel is being served from another domain.

In this case, when the CSP frame-ancestors directive is being used to allow the front-end to be previewed in the control panel, then the X-Frame-Options header is disabled and that particular test should either pass by default or be ignored/skipped.

I may have jumped the gun on this a bit, as I see now I can control the canFail and forceFail properties for each individual test in the sherlock.php config file. However, I'm having trouble figuring out how to disable the warnings for several tests. It seems there's no way to get it to bypass failTest() completely if it doesn't meet your internal criteria. A method/property to get it to pass (without even a warning) or skip the test entirely via the config file would be appreciated.

I'm blind, ignore me.
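
An added example, not part of the thread above and not Sherlock's own code: a stand-alone framing check that treats a restrictive CSP frame-ancestors directive as satisfying the test when X-Frame-Options is absent, which is the case the issue describes. The function names, the result strings and the cp.example.com control panel host are assumptions made for illustration.

```python
# Added example: accept CSP frame-ancestors in place of X-Frame-Options.
WIDE_OPEN = {"*", "http:", "https:"}  # sources that let any site embed the page

def frame_ancestors_policies(csp_header):
    """Return one source list per policy in the header that sets frame-ancestors."""
    found = []
    for policy in csp_header.split(","):      # one header may carry several policies
        for directive in policy.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                found.append([p.lower() for p in parts[1:]])
                break                         # later duplicates in a policy are ignored
    return found

def check_framing(headers):
    """Return (status, reason) for a dict of response headers."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    policies = frame_ancestors_policies(h.get("content-security-policy", ""))
    if policies:
        # Browsers that support frame-ancestors ignore X-Frame-Options when both
        # are sent. Every policy is enforced, so one restrictive list is enough.
        if any(not (WIDE_OPEN & set(sources)) for sources in policies):
            return "pass", "CSP frame-ancestors restricts embedding"
        return "fail", "CSP frame-ancestors allows any origin"
    xfo = h.get("x-frame-options", "").upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return "pass", "X-Frame-Options is " + xfo
    if xfo:
        return "fail", "X-Frame-Options value is not DENY or SAMEORIGIN"
    return "fail", "neither X-Frame-Options nor CSP frame-ancestors is set"

# Constructed sample responses (not captured from a real site).
SAMPLES = {
    "preview via CSP": {"Content-Security-Policy":
                        "default-src 'self'; frame-ancestors 'self' https://cp.example.com"},
    "classic header": {"X-Frame-Options": "SAMEORIGIN"},
    "obsolete ALLOW-FROM": {"X-Frame-Options": "ALLOW-FROM https://cp.example.com"},
    "no protection": {"Content-Security-Policy": "default-src 'self'"},
}

if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        print(name, "->", check_framing(sample))
```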