cispa
diff --git a/‎CITATION.cff‎
Lines changed: 39 additions & 0 deletions b/‎CITATION.cff‎
Lines changed: 39 additions & 0 deletions
diff --git a/‎Dockerfile‎
Lines changed: 1 addition & 1 deletion b/‎Dockerfile‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎README.md‎
Lines changed: 187 additions & 173 deletions b/‎README.md‎
Lines changed: 187 additions & 173 deletions
diff --git a/‎TODOS.md‎
Lines changed: 0 additions & 11 deletions b/‎TODOS.md‎
Lines changed: 0 additions & 11 deletions
diff --git a/‎_hp/common/frame-script-csp.html‎
Lines changed: 1 addition & 1 deletion b/‎_hp/common/frame-script-csp.html‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎_hp/hp/test_external_api.py‎
Lines changed: 6 additions & 6 deletions b/‎_hp/hp/test_external_api.py‎
Lines changed: 6 additions & 6 deletions
diff --git a/‎_hp/hp/tools/crawler/create_ipados_browser.py‎ renamed to ‎_hp/hp/tools/crawler/create_generic_browser.py‎
Lines changed: 1 addition & 1 deletion b/‎_hp/hp/tools/crawler/create_ipados_browser.py‎ renamed to ‎_hp/hp/tools/crawler/create_generic_browser.py‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎_hp/hp/tools/crawler/logs/.gitkeep‎ b/‎_hp/hp/tools/crawler/logs/.gitkeep‎
diff --git a/‎_hp/hp/tools/crawler/selenium_run_specific.py‎
Lines changed: 10 additions & 1 deletion b/‎_hp/hp/tools/crawler/selenium_run_specific.py‎
Lines changed: 10 additions & 1 deletion
diff --git a/‎_hp/hp/tools/create_responses.py‎
Lines changed: 1 addition & 2 deletions b/‎_hp/hp/tools/create_responses.py‎
Lines changed: 1 addition & 2 deletions
@@ -0,0 +1,39 @@
+cff-version: 1.2.0
+message: If you use this software, please cite both the article from preferred-citation and the software itself.
+authors:
+  - family-names: Rautenstrauch
+    given-names: Jannis
+  - family-names: Nguyen
+    given-names: Trung Tin
+  - family-names: Ramakrishnan
+    given-names: Karthik
+  - family-names: Stock
+    given-names: Ben
+title: Head(er)s Up! Detecting Security Header Inconsistencies in Browsers
+version: 1.0.0
+url: TODO
+doi: TODO
+date-released: '2025-09-01'
+preferred-citation:
+  authors:
+    - family-names: Rautenstrauch
+      given-names: Jannis
+    - family-names: Nguyen
+      given-names: Trung Tin
+    - family-names: Ramakrishnan
+      given-names: Karthik
+    - family-names: Stock
+      given-names: Ben
+  title: Head(er)s Up! Detecting Security Header Inconsistencies in Browsers
+  doi: TODO
+  url: TODO
+  type: conference-paper
+  pages: TODO
+  year: 'TODO'
+  isbn: 'TODO'
+  collection-title: Proceedings of the 32nd ACM Conference on Computer and Communications Security
+  conference:
+    name: CCS '25
+  publisher:
+    name: Association for Computing Machinery
+    address: New York, NY, USA
@@ -29,7 +29,7 @@ COPY entrypoint.sh /app/entrypoint.sh
 RUN chmod +x /app/entrypoint.sh
 
 # Expose ports
-EXPOSE 80 443 8443 9000
+EXPOSE 80 443
 
 # WORKDIR /app
 
 
@@ -5,7 +5,7 @@
 </head>
 
 <body>
-	<script src="https://sub.headers.websec.saarland/_hp/common/frame-script-csp.js"></script>
+	<script src="https://sub.{base_host}/_hp/common/frame-script-csp.js"></script>
 </body>
 
 </html>
@@ -64,24 +64,24 @@ def test_store_results():
     body = {
         "tests": [
             {
-                "name": "referrer_iframe|false|window.open|http://sub.headers.websec.saarland|199",
-                "outcome": "document.referrer: http://sub.headers.websec.saarland/_hp/server/responses.py?feature_group=rp&resp_id=199&count=1&nest=1&origin=http://sub.headers.websec.saarland&element=window.open&resp=1",
+                "name": f"referrer_iframe|false|window.open|http://{base_host}|199",
+                "outcome": f"document.referrer: http://{base_host}/_hp/server/responses.py?feature_group=rp&resp_id=199&count=1&nest=1&origin=http://{base_host}&element=window.open&resp=1",
                 "status": 0,
                 "message": None,
                 "stack": None,
                 "resp_scheme": "http",
-                "resp_host": "sub.headers.websec.saarland",
+                "resp_host": f"{base_host}",
                 "relation": "window.open",
             }
         ],
         "browser_id": "1",
-        "test": "http://sub.headers.websec.saarland/_hp/tests/referrer-access-rp.sub.html?resp_type=basic&browser_id=1&label=RP&first_id=199&last_id=199&scheme=http&t_resp_id=199&t_element_relation=iframe_window.open&t_resp_origin=http://sub.headers.websec.saarland",
+        "test": f"http://{base_host}/_hp/tests/referrer-access-rp.sub.html?resp_type=basic&browser_id=1&label=RP&first_id=199&last_id=199&scheme=http&t_resp_id=199&t_element_relation=iframe_window.open&t_resp_origin=http://{base_host}",
         "status": 0,
         "message": None,
         "stack": None,
         "org_scheme": "http",
-        "org_host": "sub.headers.websec.saarland",
-        "full_url": "http://sub.headers.websec.saarland/_hp/tests/referrer-access-rp.sub.html?resp_type=basic&browser_id=1&label=RP&first_id=199&last_id=199&scheme=http&t_resp_id=199&t_element_relation=iframe_window.open&t_resp_origin=http://sub.headers.websec.saarland",
+        "org_host": f"{base_host}",
+        "full_url": f"http://{base_host}/_hp/tests/referrer-access-rp.sub.html?resp_type=basic&browser_id=1&label=RP&first_id=199&last_id=199&scheme=http&t_resp_id=199&t_element_relation=iframe_window.open&t_resp_origin=http://{base_host}",
     }
 
     resp = httpx.post(
 
@@ -7,4 +7,4 @@
 browser_version = "122.0.6261.89"
 
 browser_id = get_or_create_browser(browser_name, browser_version, 'iPadOS 17.3.1', 'real', 'intent', '')
-print(browser_id)
+print(f"Browser ID: {browser_id}")
@@ -3,6 +3,7 @@
 from selenium.webdriver.support.wait import WebDriverWait
 from selenium.webdriver.support import expected_conditions as EC
 from hp.tools.crawler.desktop_selenium import get_browser
+import json
 
 
 def run_specific(url, browser_name, browser_version, binary_location, arguments):
@@ -28,10 +29,18 @@ def run_specific(url, browser_name, browser_version, binary_location, arguments)
     print(f"Visited, {browser_name}")
     driver.close()
 
+try:
+	wpt_config = json.load(open("/app/_hp/wpt-config.json"))
+except OSError:
+	try:
+		wpt_config = json.load(open("../../wpt-config.json"))
+	except OSError:
+		wpt_config = json.load(open("../../../wpt-config.json"))
+base_host = wpt_config["browser_host"]
 
 if __name__ == "__main__":
     # Configure URL and Browser to visit for manual verification/testing
-    url = "http://sub.headers.websec.saarland/_hp/tests/referrer-access-rp.sub.html?resp_type=basic&browser_id=1&label=RP&first_id=199&last_id=199&scheme=http&t_resp_id=199&t_element_relation=iframe_window.open&t_resp_origin=http://sub.headers.websec.saarland"
+    url = f"http://sub.{base_host}/_hp/tests/referrer-access-rp.sub.html?resp_type=basic&browser_id=1&label=RP&first_id=199&last_id=199&scheme=http&t_resp_id=199&t_element_relation=iframe_window.open&t_resp_origin=http://sub.{base_host}"
     config = [
         # Browsers (managed by Selenium itself)
         # Released 2024-01-23
 
@@ -1,6 +1,6 @@
 """
 Generates all debug and basic responses.
-Parsing responses are generated in analysis/response_header_generation.ipynb
+Parsing responses are generated in response_header_generation.py
 """
 from hp.tools.models import Response, Session
 
@@ -310,7 +310,6 @@ def create_responses(header_list, label, status_code=200, resp_type="debug"):
                [(header_name, f"{v1}, {v2}, {v3}, {v4}, {v5}, {v6}, {v7}")],
                [(header_name, f"abc, {v1}")]
             ]
-# TODO
 # [["Strict-Transport-Security", "max-age=20"], ["Strict-Transport-Security", "max-age=20; includeSubDomains"], ["Strict-Transport-Security", "includeSubDomains"], ["Strict-Transport-Security", ""], ["Strict-Transport-Security", "max-age=20; includeSubDomains; preload"], ["Strict-Transport-Security", "max-age=0"], ["Strict-Transport-Security", "max-age=-5"]]
 create_responses(header_list, label, resp_type="basic")
 # Some basic headers with redirect