-
ATM the lib uses a hardcoded list of possible cookie names/substrings.
https://github.com/aidantwoods/SecureHeaders/blob/f60c3b752114036fbf621a813ead3c3dc7b4c34a/src/SecureHeaders.php#L77
Wouldn't…
-
References:
- https://github.com/goldbergyoni/nodebestpractices/blob/master/sections/security/secureheaders.md
- https://expressjs.com/en/advanced/best-practice-security.html
- https://itnext.io/ho…
-
In my app, I use the [secure_headers](https://github.com/twitter/secureheaders) gem, which takes care of all the issues reported by the OWASP RoR Cheatsheet Security Related Headers. It would be great…
-
Hi there,
I have added this package to my Laravel app, I am also using Inertia.js on the frontend. Every time I make a POST request I am getting a `419 unknown status` error being returned. It look…
-
SecureHeaders was originally written in PHP 7.
However, I wanted as many people as possible to be able to use these browser security features easily, and didn't want it to be unusable by someone ju…
-
If there are any concerns that need addressing prior to a release (and therefore subsequent locking of the public API compatibility to the major version) please open a new issue or raise them below :)…
-
I am seeing the following in my Rails production log, using v2.13.3
```
Rollbar.js could not be added because undefined method `current_csp' for # exception
```
This is after upgrading `secure_heade…
-
This is more of a meta issue where I'm going to drop notes before actually coming up with a documented plan.
We intend to go through this process in the not so distant future and will have lessons…
-
@ajvb We're already doing all these https://github.com/cryptag/gosecure/blob/master/gosecure.go
There is probably more we can do: https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
-
http://brakemanscanner.org/
jarib updated
11 years ago