Skip to content
This repository has been archived by the owner on Dec 11, 2024. It is now read-only.

Improve security headers #450

Open
tmpfs opened this issue Feb 5, 2021 · 4 comments
Open

Improve security headers #450

tmpfs opened this issue Feb 5, 2021 · 4 comments
Assignees
@tmpfs

Comments

@tmpfs
Copy link
Collaborator

tmpfs commented Feb 5, 2021

https://securityheaders.com/?q=https%3A%2F%2Fstage.uwe.app&followRedirects=on

For the built in server and for the cloudfront proxy.
@tmpfs tmpfs self-assigned this Feb 5, 2021
@tmpfs
Copy link
Collaborator Author

tmpfs commented Feb 5, 2021

Here is it green https://securityheaders.com/?q=https%3A%2F%2Fwww.feroot.com%2F&followRedirects=on

@tmpfs
Copy link
Collaborator Author

tmpfs commented Feb 6, 2021

Initial work for the local server is done in 3c1df1f. Requires improvements to support customizing permissions-policy and content-security-policy.

Also need to update the cloudfront setup to add these standard headers.

@tmpfs
Copy link
Collaborator Author

tmpfs commented Feb 6, 2021

See: https://aws.amazon.com/blogs/networking-and-content-delivery/adding-http-security-headers-using-lambdaedge-and-amazon-cloudfront/

@tmpfs
Copy link
Collaborator Author

tmpfs commented Feb 6, 2021

Mozilla observatory is also useful: https://observatory.mozilla.org/analyze/tmpfs.org

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@tmpfs tmpfs

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@tmpfs