Some small fixes

Signed-off-by: BlackDex <black.dex@gmail.com>

src/static/scripts/admin_diagnostics.js

@@ -276,7 +276,7 @@ async function checkHttpResponse() {
     const [apiConfig, webauthnConnector, notFound, notFoundApi, badRequest, unauthorized, forbidden] = await Promise.all([
         fetchCheckUrl(`${BASE_URL}/api/config`),
         fetchCheckUrl(`${BASE_URL}/webauthn-connector.html`),
-        fetchCheckUrl(`${BASE_URL}/admin/does-not-exists`),
+        fetchCheckUrl(`${BASE_URL}/admin/does-not-exist`),
         fetchCheckUrl(`${BASE_URL}/admin/diagnostics/http?code=404`),
         fetchCheckUrl(`${BASE_URL}/admin/diagnostics/http?code=400`),
         fetchCheckUrl(`${BASE_URL}/admin/diagnostics/http?code=401`),

src/util.rs

@@ -51,6 +51,7 @@ impl Fairing for AppHeaders {
             }
         }
 
+        // NOTE: When modifying or adding security headers be sure to also update the diagnostic checks in `src/static/scripts/admin_diagnostics.js` in `checkSecurityHeaders`
         res.set_raw_header("Permissions-Policy", "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()");
         res.set_raw_header("Referrer-Policy", "same-origin");
         res.set_raw_header("X-Content-Type-Options", "nosniff");