Cloud-CV / Fabrik

:factory: Collaboratively build, visualize, and design neural nets in browser
GNU General Public License v3.0

Updated for protection against MIME & XSS based attacks #450

Open yashdusing opened 5 years ago

yashdusing commented 5 years ago

Updated headers to ajax call for protection against MIME and XSS based attacks

Ram81 commented 5 years ago

@yashdusing can you use the methods listed in #459 to verify that the changes you made for HTTP headers work, and mention the results here?

yashdusing commented 5 years ago

It shows up as unprotected (the same as shown in #459). Although I do have a doubt. 0.0.0.0:8000 is the home page site, which has no headers on it. The headers are added to the AJAX calls made to import/export or other apps, so isn’t it supposed to show up as not protected? (Unless we somehow added XSS protection to the home page.)

yashdusing commented 5 years ago

So 0.0.0.0:8000/layer_parameter is also shown as unprotected 😓. I will have to figure out why.

yashdusing commented 5 years ago

[Image: screenshot_20181117_235839]

Updated for main page with Postman results.
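Added example, not part of this PR or the Fabrik code base: a header check of the kind the thread asks for, run over constructed request/response pairs to show why headers attached to an outgoing AJAX request still scan as unprotected. It assumes the scanner inspects response headers and that the headers in question are `X-Content-Type-Options` and `X-XSS-Protection`; the thread names neither, and the sample exchanges are constructed.

```python
# Added example: the exchanges below are constructed, not captured from Fabrik.
# Header names are the standard MIME-sniffing / legacy XSS-filter headers (assumed).
REQUIRED = {
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
    # "1" or "1; mode=block" enables the legacy filter, "0" turns it off.
    "x-xss-protection": lambda v: v.replace(" ", "").lower().startswith("1"),
}

def audit_response(response_headers):
    """Return {header: 'ok' | 'weak' | 'missing'} for one HTTP response."""
    seen = {k.lower(): v for k, v in response_headers.items()}
    result = {}
    for name, is_valid in REQUIRED.items():
        if name not in seen:
            result[name] = "missing"
        else:
            result[name] = "ok" if is_valid(seen[name]) else "weak"
    return result

def is_protected(exchange):
    """Only the response counts: browsers act on these headers when they
    receive them from the server, never when a client sends them."""
    return all(s == "ok" for s in audit_response(exchange["response"]).values())

SECURE = {"X-Content-Type-Options": "nosniff", "X-XSS-Protection": "1; mode=block"}

EXCHANGES = {
    "home page, no headers": {
        "request": {},
        "response": {"Content-Type": "text/html"},
    },
    "ajax call, headers on request only": {
        "request": dict(SECURE),
        "response": {"Content-Type": "application/json"},
    },
    "headers set by the server": {
        "request": {},
        "response": {"Content-Type": "application/json", **SECURE},
    },
}

if __name__ == "__main__":
    for label, exchange in EXCHANGES.items():
        status = "protected" if is_protected(exchange) else "unprotected"
        print(f"{label}: {status} {audit_response(exchange['response'])}")
```

Current browsers no longer act on `X-XSS-Protection`; a `Content-Security-Policy` response header is the present-day control for XSS.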