ZAP Scan Baseline Report

- Site: [http://localhost:8080](http://localhost:8080) 
 	 **New Alerts** 
	- **CSP: script-src unsafe-eval** [10055] total: 5:  
		- [http://localhost:8080](http://localhost:8080) 
		- [http://localhost:8080/login](http://localhost:8080/login) 
		- [http://localhost:8080/login?error=invalid](http://localhost:8080/login?error=invalid) 
		- [http://localhost:8080/register](http://localhost:8080/register) 
		- [http://localhost:8080/register?error=password_short](http://localhost:8080/register?error=password_short) 
	- **CSP: script-src unsafe-inline** [10055] total: 5:  
		- [http://localhost:8080](http://localhost:8080) 
		- [http://localhost:8080/login](http://localhost:8080/login) 
		- [http://localhost:8080/login?error=invalid](http://localhost:8080/login?error=invalid) 
		- [http://localhost:8080/register](http://localhost:8080/register) 
		- [http://localhost:8080/register?error=password_short](http://localhost:8080/register?error=password_short) 
	- **CSP: style-src unsafe-inline** [10055] total: 5:  
		- [http://localhost:8080](http://localhost:8080) 
		- [http://localhost:8080/login](http://localhost:8080/login) 
		- [http://localhost:8080/login?error=invalid](http://localhost:8080/login?error=invalid) 
		- [http://localhost:8080/register](http://localhost:8080/register) 
		- [http://localhost:8080/register?error=password_short](http://localhost:8080/register?error=password_short) 
	- **Content Security Policy (CSP) Header Not Set** [10038] total: 2:  
		- [http://localhost:8080/robots.txt](http://localhost:8080/robots.txt) 
		- [http://localhost:8080/sitemap.xml](http://localhost:8080/sitemap.xml) 
	- **Cross-Origin-Embedder-Policy Header Missing or Invalid** [90004] total: 4:  
		- [http://localhost:8080](http://localhost:8080) 
		- [http://localhost:8080/login](http://localhost:8080/login) 
		- [http://localhost:8080/register](http://localhost:8080/register) 
		- [http://localhost:8080/register?error=password_short](http://localhost:8080/register?error=password_short) 
	- **Cross-Origin-Opener-Policy Header Missing or Invalid** [90004] total: 4:  
		- [http://localhost:8080](http://localhost:8080) 
		- [http://localhost:8080/login](http://localhost:8080/login) 
		- [http://localhost:8080/register](http://localhost:8080/register) 
		- [http://localhost:8080/register?error=password_short](http://localhost:8080/register?error=password_short) 
	- **Cross-Origin-Resource-Policy Header Missing or Invalid** [90004] total: 5:  
		- [http://localhost:8080](http://localhost:8080) 
		- [http://localhost:8080/app.js?v=0.4.172](http://localhost:8080/app.js?v=0.4.172) 
		- [http://localhost:8080/login](http://localhost:8080/login) 
		- [http://localhost:8080/register](http://localhost:8080/register) 
		- [http://localhost:8080/styles.css?v=0.4.172](http://localhost:8080/styles.css?v=0.4.172) 
	- **Permissions Policy Header Not Set** [10063] total: 3:  
		- [http://localhost:8080/app.js?v=0.4.172](http://localhost:8080/app.js?v=0.4.172) 
		- [http://localhost:8080/robots.txt](http://localhost:8080/robots.txt) 
		- [http://localhost:8080/sitemap.xml](http://localhost:8080/sitemap.xml) 
	- **X-Content-Type-Options Header Missing** [10021] total: 5:  
		- [http://localhost:8080/app.js?v=0.4.172](http://localhost:8080/app.js?v=0.4.172) 
		- [http://localhost:8080/apple-touch-icon.png?v=0.4.172](http://localhost:8080/apple-touch-icon.png?v=0.4.172) 
		- [http://localhost:8080/favicon.png?v=0.4.172](http://localhost:8080/favicon.png?v=0.4.172) 
		- [http://localhost:8080/images/chickadee-icon-alt.png](http://localhost:8080/images/chickadee-icon-alt.png) 
		- [http://localhost:8080/styles.css?v=0.4.172](http://localhost:8080/styles.css?v=0.4.172) 
	- **Authentication Request Identified** [10111] total: 1:  
		- [http://localhost:8080/login](http://localhost:8080/login) 
	- **Base64 Disclosure** [10094] total: 12:  
		- [http://localhost:8080](http://localhost:8080) 
		- [http://localhost:8080/](http://localhost:8080/) 
		- [http://localhost:8080/app.js?v=0.4.172](http://localhost:8080/app.js?v=0.4.172) 
		- [http://localhost:8080/apple-touch-icon.png?v=0.4.172](http://localhost:8080/apple-touch-icon.png?v=0.4.172) 
		- [http://localhost:8080/images/chickadee-icon-alt.png](http://localhost:8080/images/chickadee-icon-alt.png) 
		- .. 
	- **Information Disclosure - Suspicious Comments** [10027] total: 15:  
		- [http://localhost:8080](http://localhost:8080) 
		- [http://localhost:8080](http://localhost:8080) 
		- [http://localhost:8080/app.js?v=0.4.172](http://localhost:8080/app.js?v=0.4.172) 
		- [http://localhost:8080/login](http://localhost:8080/login) 
		- [http://localhost:8080/login](http://localhost:8080/login) 
		- .. 
	- **Non-Storable Content** [10049] total: 4:  
		- [http://localhost:8080](http://localhost:8080) 
		- [http://localhost:8080/](http://localhost:8080/) 
		- [http://localhost:8080/login](http://localhost:8080/login) 
		- [http://localhost:8080/register](http://localhost:8080/register) 
	- **Sec-Fetch-Dest Header is Missing** [90005] total: 3:  
		- [http://localhost:8080](http://localhost:8080) 
		- [http://localhost:8080/](http://localhost:8080/) 
		- [http://localhost:8080/login](http://localhost:8080/login) 
	- **Sec-Fetch-Mode Header is Missing** [90005] total: 3:  
		- [http://localhost:8080](http://localhost:8080) 
		- [http://localhost:8080/](http://localhost:8080/) 
		- [http://localhost:8080/login](http://localhost:8080/login) 
	- **Sec-Fetch-Site Header is Missing** [90005] total: 3:  
		- [http://localhost:8080](http://localhost:8080) 
		- [http://localhost:8080/](http://localhost:8080/) 
		- [http://localhost:8080/login](http://localhost:8080/login) 
	- **Sec-Fetch-User Header is Missing** [90005] total: 3:  
		- [http://localhost:8080](http://localhost:8080) 
		- [http://localhost:8080/](http://localhost:8080/) 
		- [http://localhost:8080/login](http://localhost:8080/login) 
	- **Session Management Response Identified** [10112] total: 8:  
		- [http://localhost:8080](http://localhost:8080) 
		- [http://localhost:8080/](http://localhost:8080/) 
		- [http://localhost:8080/login](http://localhost:8080/login) 
		- [http://localhost:8080/login?error=invalid](http://localhost:8080/login?error=invalid) 
		- [http://localhost:8080/register](http://localhost:8080/register) 
		- .. 
	- **Storable and Cacheable Content** [10049] total: 5:  
		- [http://localhost:8080/app.js?v=0.4.172](http://localhost:8080/app.js?v=0.4.172) 
		- [http://localhost:8080/login](http://localhost:8080/login) 
		- [http://localhost:8080/register](http://localhost:8080/register) 
		- [http://localhost:8080/sitemap.xml](http://localhost:8080/sitemap.xml) 
		- [http://localhost:8080/styles.css?v=0.4.172](http://localhost:8080/styles.css?v=0.4.172) 



View the [following link](https://github.com/JimWallace/Chickadee/actions/runs/25976889839) to download the report.
RunnerID:25976889839

---
ZAP is supported by the [Crash Override Open Source Fellowship](https://crashoverride.com/?zap=act)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ZAP Scan Baseline Report #565

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

ZAP Scan Baseline Report #565

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions