Hi guys
BaselineHandler remote file inclusion Code Injection rejects requests with Save-Data header.
https://tools.ietf.org/html/draft-ietf-httpbis-client-hints-05
adding an exclusion for that header leaves the applications vulnerable.
A new fix coming? Any known workaround?
Tks
Could you raise a support case for this and the others? Would be good to track these together. Thanks!
