-
I can't find a way to set StaticSite's security headers, like `X-Frame-Options: "SAMEORIGIN"`. The SSR sites allow you do manually set headers in responses (and I think they have the defaults as high…
-
Hi,
If somebody is still using this, and needs to use python 3.10, then this will popup:
```
python3 ./securityheaders.py …
-
Per https://github.com/w3c/webappsec-feature-policy/issues/189#issuecomment-627339552 the spec is still in flux.
https://featurepolicy.info/ only lists Chrome and Firefox, and https://caniuse.com/#…
-
Potential fix is fetching redirects during build time
-
While implementing the Feature-Policy header in Globaleaks (https://github.com/globaleaks/GlobaLeaks/issues/2667) and retesting it with https://securityheaders.com/ i just found out that [display-capt…
-
When setting up global security, all pages require to be authorized. But i don't want such a feature on login page. How can i disable it on a specific page?
```ts
@endpoint({
method: 'POST',
…
-
We will be creating our API spec, hopefully created by spot. However (and this is an example), we have headers that can either accept a cookie or authentication information. This is legacy code and no…
-
Hi,
I'm trying to figure out how to use helmet[Helmet](https://www.npmjs.com/package/helmet) with nextjs serverless component, however I couldn't find any docs relating to this. Any support or advic…
-
Regarding htbridge.com section, there is the SSL test (https://www.htbridge.com/ssl/).
Would it be possible adding these two too? https://www.htbridge.com/radar/ and https://www.htbridge.com/websec…
p43b1 updated
7 years ago
-
# 🌱 Feature Request
## Is your feature request related to a problem? Please describe.
Currently the package doesn't support the `Feature-Policy` header, nor the `Permission-Policy` header.
Although…