-
In `ApiMiddleware.php`, Shaarli sets a few HTTP response headers ( [`Access-Control-Allow-Methods`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods), [`Access-Co…
-
**Is your feature request related to a problem? Please describe.**
An organization may have one or more security strategies, that also may be specific to a certain flow. These may also extend to various…
-
# Vulnerability details
### URL
https://zipper.dev,https://*.zipper.run/**/*
### Description
The HTTP protocol implements headers as a part of requests and responses, and these headers communicate wi…
-
### HTTP Security Headers are not implemented
HTTP headers let the client and the server pass additional information with an HTTP request or response. [HTTP headers](https://en.wikipedia.org/wiki/L…
-
If you check the webadmin page with https://securityheaders.com you get warnings for all related HTTP security headers:
- Strict-Transport-Security
- Content-Security-Policy
- X-Frame-Options
- X-…
-
### Bug description
When I visit the main webpage of JupyterHub, a number of security headers are missing:
- "Strict-Transport-Security"
- "X-Frame-Options"
- "X-Content-Type-Options"
- "X-…
-
Context: https://github.com/rust-lang/rust-www/issues/148
CloudFront doesn't support HSTS (https://forums.aws.amazon.com/thread.jspa?messageID=651244). Could potentially proxy through doc.r-l.o like …
-
~~See https://securityheaders.com (currently C rating).~~
-
Working for the current (3.9.3) are the following ones:
```
Strict-Transport-Security "max-age=63072000";
X-Frame-Options "sameorigin";
Content-Security-Policy "default-src 'self'; style-src 'se…
```
-
**Is your feature request related to a problem? Please describe.**
I would like to improve FormWrapper's security features, which don’t fully protect against common security vulnerabilities. Issues…