cancel
Showing results for 
Search instead for 
Did you mean: 

Save-Data

Highlighted
Occasional Contributor

Save-Data

Hi guys

 

BaselineHandler remote file inclusion Code Injection rejects requests with Save-Data header.

 

https://tools.ietf.org/html/draft-ietf-httpbis-client-hints-05

 

adding an exclusion for that header leaves the applications vulnerable.

 

A new fix coming? Any known workaround?

 

Tks

1 REPLY 1
Highlighted
Community Manager

Re: Save-Data

Could you raise a support case for this and the others? Would be good to track these together. Thanks!