-
Hi,
If somebody is still using this, and needs to use python 3.10, then this will popup:
```
python3 ./securityheaders.py …
-
Per https://github.com/w3c/webappsec-feature-policy/issues/189#issuecomment-627339552 the spec is still in flux.
https://featurepolicy.info/ only lists Chrome and Firefox, and https://caniuse.com/#…
-
We got some reports in the past that it is possible to run a "clickjacking" attack against giveth.io
(essentially people could embed the whole site in an iframe and display it on their site, changi…
-
When setting up global security, all pages require to be authorized. But i don't want such a feature on login page. How can i disable it on a specific page?
```ts
@endpoint({
method: 'POST',
…
-
While implementing the Feature-Policy header in Globaleaks (https://github.com/globaleaks/GlobaLeaks/issues/2667) and retesting it with https://securityheaders.com/ i just found out that [display-capt…
-
Potential fix is fetching redirects during build time
-
We will be creating our API spec, hopefully created by spot. However (and this is an example), we have headers that can either accept a cookie or authentication information. This is legacy code and no…
-
Hi,
I'm trying to figure out how to use helmet[Helmet](https://www.npmjs.com/package/helmet) with nextjs serverless component, however I couldn't find any docs relating to this. Any support or advic…
-
Regarding htbridge.com section, there is the SSL test (https://www.htbridge.com/ssl/).
Would it be possible adding these two too? https://www.htbridge.com/radar/ and https://www.htbridge.com/websec…
p43b1 updated
7 years ago
-
https://github.com/rafaeldsousa/silverstripe-securityheaders/blob/415fc9a61126a532a2bd47f89b49feaad5a692eb/src/extensions/SecurityHeadersExtension.php#L24
Could we remove this line, and enable/disa…