BIN: analyse-headers: adds feature-policy and permissions-policy checks

Jonathan Hodgson 4 years ago
parent 61097006a4
commit 9ef36af8f7
  1. 34
      bin/.bin/webtest/analyse-headers

@ -269,6 +269,36 @@ Strict means the browser sends the cookie only for same-site requests\n\n"
return "$ret"
}
test_permissions-policy(){
if [ -z "$1" ]; then
echo "Permissions-Policy" | drawInBox
wecho "The Permission-Policy header replaces the Feature-Policy and is \
used to allow or disallow certain browser features or apis in the interest of \
security.\n\n"
return 3
fi
local value="$(echo "$1" | cut -d ':' -f 2- | trimWhitespace)"
}
test_feature-policy(){
if [ -z "$1" ]; then
echo "Feature-Policy" | drawInBox
wecho "The Feature-Policy header was used to allow or disallow certian \
browser features or apis. It has been superceded by the permissions-policy
header but should still be included for legacy browsers.\n\n"
return 3
fi
if ! echo "$headers" | grep -Eqi '^permissions-policy'; then
echo "Feature-Policy" | drawInBox
wecho "The Feature-Policy header was used to allow or disallow certian \
browser features or apis. It has been superceded by the permissions-policy
header but should still be included for legacy browsers.
It has been highlighted because the Permissions-policy header wasn't found.\n\n"
return 3
fi
local value="$(echo "$1" | cut -d ':' -f 2- | trimWhitespace)"
}
usage(){
echo -n "analyse-headers [OPTIONS]... URL
@ -339,7 +369,9 @@ headers="$(curl -s -I "$url")"
missingHeaders="x-frame-options
content-security-policy
x-xss-protection
x-content-type-options"
x-content-type-options
feature-policy
permissions-policy"
tmpfile="$(mktemp)"
touch "$tmpfile"

Loading…
Cancel
Save