From 7544bba4b82513a9272daf8f65cf724e09da1aba Mon Sep 17 00:00:00 2001
From: Tasos Laskos
Date: Sat, 18 Dec 2021 12:33:35 +0200
Subject: [PATCH] x_frame_options check: Check if header not empty, not just exist
---
 components/checks/passive/grep/x_frame_options.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/components/checks/passive/grep/x_frame_options.rb b/components/checks/passive/grep/x_frame_options.rb
index 0c579099cb..13b14ad385 100644
--- a/components/checks/passive/grep/x_frame_options.rb
+++ b/components/checks/passive/grep/x_frame_options.rb
@@ -12,7 +12,8 @@ class Arachni::Checks::XFrameOptions < Arachni::Check::Base
 def run
 return if audited?( page.parsed_url.host ) || page.response.headers.empty? ||
- page.response.headers['X-Frame-Options'] || page.code != 200
+ !page.response.headers['X-Frame-Options'].to_s.empty? || page.code != 200
+
 audited( page.parsed_url.host )
 log(
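Review bot: The new condition `!page.response.headers['X-Frame-Options'].to_s.empty?` treats any non-empty value as protection, so a response carrying a misspelled or unsupported value (which browsers ignore, leaving the page frameable) is still skipped and never logged. Consider matching the recognised directives instead, e.g. `%w(deny sameorigin).include?( page.response.headers['X-Frame-Options'].to_s.strip.downcase ) || page.code != 200`; whether the obsolete `ALLOW-FROM` form should count is a policy choice worth a comment. If the headers object can return an Array for a repeated header (not visible here), `.to_s` would also make `[]` non-empty. The body of `run` continues past the end of the hunk.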