Address moderate and low OWASP findings

* CORS headers removed because browsers should not interact with API directly
* Updated error handling to return expected content-type for JSON error messages
This commit is contained in:
Ryan Ahearn
2023-04-19 09:27:16 -04:00
parent 81f36182e8
commit db62e318ca
2 changed files with 19 additions and 7 deletions


@@ -56,5 +56,5 @@ docker run -v $(pwd):/zap/wrk/:rw --network="notify-network" -t owasp/zap2docker
The equivalent command if you are running the API locally:
```
docker run -v $(pwd):/zap/wrk/:rw -t owasp/zap2docker-weekly zap-api-scan.py -t http://host.docker.internal:6011/docs/openapi.yml -f openapi -c zap.conf
docker run -v $(pwd):/zap/wrk/:rw -t owasp/zap2docker-weekly zap-api-scan.py -t http://host.docker.internal:6011/docs/openapi.yml -f openapi -c zap.conf -r report.html
```
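Review bot: the scan command gains `-r report.html`, but the surrounding text does not say where the report is written; because the command mounts `$(pwd)` at `/zap/wrk/`, ZAP will drop `report.html` into whatever directory the reader runs it from, so add a sentence stating that (and, if the report should not be checked in, an ignore entry for it). The same `-r` flag should also be reflected in the non-local variant of the command on line 56 above so the two invocations stay in step.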