Dashboard shows inappropriate warnings about automatic HTTP security diagnostic
Steps to reproduce:
- Install dmaster with recent version (e.g. 5.13.alpha1). (Or, if you already have one, then make sure to log out of it.)
- Clear caches (e.g.
cv flush
) - Login
- Observe the dashboard:
I did a git bisect
and traced this to 4094935a, which changes the technique for detecting HTTP security issues (i.e. get_headers()
replaced with similar Guzzle calls). Apparently, Guzzle is more noisy, which sounds generally good... except in this case, HTTP errors are expected and desired - and should not be reported.
Environment: bknix-dfl