False positives for external links

[dpinn]

The following web item, which represents a link to our customer support portal, triggered some false positives in the CSRT report.

{
  "location": "admin_plugins_menu/admin-section",
  "weight": 200,
  "styleClasses": [
    "webitem",
    "system-present-webitem"
  ],
  "url": "https://projectbalm.atlassian.net/servicedesk/customer/portal/1",
  "tooltip": {
    "value": "Submit a support request"
  },
  "name": {
    "value": "Get support"
  },
  "key": "admin-support-link"
}

Requirement 5 - Authentication and Authorization of Application Resources

One or more endpoints returned a <400 status code without authentication information. This may indicate that your app is not performing authentication and authorization checks.

Requirement 12 - Referrer Policy

We did not detect the correct Referrer-Policy header on one or more endpoints.

Requirement 16 - App Name and Domain Branding Violations

Your app name or domain contained words that are not allowed

Maybe external links should be excluded from the checks?

[seanmarpo]

Thanks for reporting this -- This is definitely a bug. I've tagged it as such, and we will get working on it.

[dziadyk-m]

I think that the same problem occures with Requirement 2 - Cache Control