Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow API with 401/403 Status Code to be Scanned #42

Closed
azfar26 opened this issue Jul 22, 2024 · 3 comments
Closed

Allow API with 401/403 Status Code to be Scanned #42

azfar26 opened this issue Jul 22, 2024 · 3 comments
Labels
expert help needed Needs more information from a subject matter expert (SME). p2 We want to address this but may have other higher priority items.

Comments

@azfar26
Copy link

azfar26 commented Jul 22, 2024

What information was incorrect, unhelpful, or incomplete?

Hello MDN team,

With the previous Observatory (https://observatory.mozilla.org/), I can scan my API that returned 401 Unauthorized status code by default. Secure response headers are still returned by the API and Observatory gave a grade of A+.

With the new Observatory (https://developer.mozilla.org/en-US/observatory), sites that did not respond with a 2xx HTTP status code are not allowed to be scanned.

What did you expect to see?

I read the FAQ section here, although HTTP Observatory is designed for scanning website, it can be used for API endpoints as well.

I'm expecting my API to be allowed to scan, just like in the previous Observatory. To narrow down the non-2xx status code, you can allow only 401 Unauthorized and 403 Forbidden status codes - since these are the typical status codes returned by API with unauthorized access.

Do you have any supporting links, references, or citations?

No response

Do you have anything more you want to share?

image
@azfar26 azfar26 added the needs triage Triage needed by staff and/or partners. Automatically applied when an issue is opened. label Jul 22, 2024
@github-actions GitHub Actions
Copy link
Contributor

It looks like this is your first issue. Welcome! 👋 One of the project maintainers will be with you as soon as possible. We appreciate your patience. To safeguard the health of the project, please take a moment to read our code of conduct.

@argl argl added expert help needed Needs more information from a subject matter expert (SME). p2 We want to address this but may have other higher priority items. and removed needs triage Triage needed by staff and/or partners. Automatically applied when an issue is opened. labels Jul 23, 2024
@argl argl mentioned this issue Aug 9, 2024
Merged
@github-actions github-actions bot added the idle Issues and pull requests with no activity for three months. label Aug 23, 2024
@argl
Copy link
Contributor

argl commented Aug 26, 2024

Hi, could you check again? Some changes have been deployed recently.

@github-actions github-actions bot removed the idle Issues and pull requests with no activity for three months. label Aug 27, 2024
@azfar26
Copy link
Author

azfar26 commented Sep 4, 2024

@argl I'm able to scan my API now. Thanks for the fix! 👍🏼

@azfar26 azfar26 closed this as completed Sep 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
expert help needed Needs more information from a subject matter expert (SME). p2 We want to address this but may have other higher priority items.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@argl @azfar26