-
The `net/http/pprof` package _implicitly_ registers HTTP handlers through its `init()` function. I argue this implicit behavior is too subtle and may contribute to people inadvertently leaving such en…
-
# Use Case
There are use cases where having HTTP and HTTPS with `http_verify_clients` simultaneously available is useful, for example:
## ELB Health Checks
via @weargoggles on https://github.c…
-
Issue Level: Moderate
First Discovered: 1/22/2022
Remediation Date: 4/22/2022
-
Issue Level: Moderate
First Discovered: 11/14/2023
Remediation Date: 2/12/2024
-
Though not an issue during development, it will be very important in the future that we use SSL/HTTPS to encrypt POST requests for user login and registration as otherwise, user password data is sent …
FFX01 updated
9 years ago
-
I'm trying to activate HTTP Strict Transport Security (HSTS) by following [NGINX's official approach](https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/).
As I understand it,…
-
Issue Level: Moderate
First Discovered: 1/22/2022
Remediation Date: 4/22/2022
-
Please support HSTS in chartmuseum. This is necessary for us to meet the security compliance requirements.
Ref: https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/HTTP_Strict_Transpo…
-
We need an HTTPS certificate. $$$ y'all.
-
It looks like you no longer own https://www.astra-security.info/ - worth reregistering it, or removing the link from the repo?