Add security headers to the website #134

vingkan opened this issue Jul 28, 2021 · 0 comments
Labels: enhancement (New feature or request), security (Cybersecurity for the system.)


vingkan commented Jul 28, 2021

Headers to Add

Based on the report from securityheaders.com we have four high-priority security headers to add to our website:

  • Add Content-Security-Policy header to defend against cross-site scripting attacks
  • Add X-Frame-Options header to defend against clickjacking and external iframing
  • Add X-Content-Type-Options header to prevent the browser from MIME-sniffing content
  • Add Referrer-Policy header to hide referrer information from other pages

Environments to Check

These changes should not disrupt the development or production environments. Remember to check these four methods of running the app:

Development

1. Local App with Local Server

In one terminal:

run api 9

In the other terminal:

run app 9

Then check your Cloud9 URL.

2. Local App with Production Server

run app 9 api prod

Then check your Cloud9 URL.

3. Static Local App with Local Server

In one terminal:

run api 9

In the other terminal:

run app 9 static

Then check your Cloud9 URL.

Production

4. Production App with Production Server

Submit a pull request, get it approved, and deploy the app to production.

Then check our production URL.
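A small header audit that can be run against each of the four environments above, added here as an example; it is not part of the issue or the project's repository. The value rules (which Referrer-Policy values count as hiding the referrer, what makes a CSP "weak") are this example's own coarse assumptions, not the securityheaders.com grading.

```python
import urllib.request

# Assumption: these Referrer-Policy values are the ones that keep the full
# referrer away from other origins; anything else is flagged as weak.
ACCEPTED_REFERRER = {"no-referrer", "same-origin", "strict-origin",
                     "strict-origin-when-cross-origin"}

def csp_ok(value):
    # Coarse check: a policy that sets neither default-src nor script-src
    # does nothing against script injection, whatever else it contains.
    directives = {d.strip().split(" ")[0].lower()
                  for d in value.split(";") if d.strip()}
    return bool(directives & {"default-src", "script-src"})

# The four headers this issue asks for, each with a minimal value test.
REQUIRED = {
    "Content-Security-Policy": csp_ok,
    "X-Frame-Options": lambda v: v.strip().upper() in {"DENY", "SAMEORIGIN"},
    "X-Content-Type-Options": lambda v: v.strip().lower() == "nosniff",
    "Referrer-Policy": lambda v: v.strip().lower() in ACCEPTED_REFERRER,
}

def audit_headers(headers):
    """Return {header: 'missing' | 'weak' | 'ok'}; names match case-insensitively."""
    lowered = {k.lower(): v for k, v in headers.items()}
    verdicts = {}
    for name, check in REQUIRED.items():
        value = lowered.get(name.lower())
        if value is None:
            verdicts[name] = "missing"
        elif not check(value):
            verdicts[name] = "weak"
        else:
            verdicts[name] = "ok"
    return verdicts

def fetch_and_audit(url, timeout=10):
    """Fetch a URL (e.g. the Cloud9 or production URL) and audit its response."""
    req = urllib.request.Request(url, headers={"User-Agent": "header-audit/0.1"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return audit_headers(dict(resp.headers.items()))

# Constructed sample responses: one before the change, one with all four set.
BEFORE = {"Content-Type": "text/html; charset=utf-8", "Server": "nginx"}
AFTER = {
    "content-type": "text/html; charset=utf-8",
    "content-security-policy": "default-src 'self'; img-src 'self' data:",
    "x-frame-options": "DENY",
    "x-content-type-options": "nosniff",
    "referrer-policy": "strict-origin-when-cross-origin",
}

if __name__ == "__main__":
    for label, hdrs in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_headers(hdrs))
```

Run `fetch_and_audit("<your Cloud9 or production URL>")` after each of the four environment checks; every value in the result should be "ok" before the pull request is merged.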
