Dashboard shows inappropriate warnings about automatic HTTP security diagnostic
Steps to reproduce:
- Install dmaster with recent version (e.g. 5.13.alpha1). (Or, if you already have one, then make sure to log out of it.)
- Clear caches (e.g.
cv flush) - Login
- Observe the dashboard:
I did a git bisect and traced this to 4094935a, which changes the technique for detecting HTTP security issues (i.e. get_headers() replaced with similar Guzzle calls). Apparently, Guzzle is more noisy, which sounds generally good... except in this case, HTTP errors are expected and desired - and should not be reported.
Environment: bknix-dfl
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information