AntFleet

Disagreement · 5502fb0d-openai-1

Tests do not cover the Permissions-Policy header present in middleware

solo GPT-5
repo e24ef98c · PR #5 · reviewed 2 weeks ago

GPT-5 finding

Tests do not cover the Permissions-Policy header present in middleware

low · test-gap · high
  • apps/web/middleware.ts:20-23
  • apps/web/middleware.test.ts:31-60
Middleware sets a comprehensive Permissions-Policy header, but tests do not assert its presence or strictness. If the header were accidentally removed or loosened, current tests would not detect it.

Recommendation

Add a test asserting that the Permissions-Policy header exists and denies all listed features (e.g., contains "camera=()", "geolocation=()", and "microphone=()"), or snapshot the full header to catch accidental loosening/removal.

Other reviewer

The other reviewer flagged nothing in this file/line range.

Why this didn't post

This finding didn't meet AntFleet's unanimous agreement threshold. Both frontier models review every PR independently; only findings they both flag with the same severity and category are posted to the PR. This one fell through.
