Open gggrant opened 2 years ago
To be added to the htaccess
To be added to the htaccess
Now that we have moved to nginx, this will be a bit different since nginx does not use .htaccess files.
@GCTC-NTGC/developers this issue is nearly two years old and our oldest open issue in this repo. do we have any path forward for this or should it be closed?
@GCTC-NTGC/developers this issue is nearly two years old and our oldest open issue in this repo. do we have any path forward for this or should it be closed?
I think we should define the issue a bit more but we really should get this in. It's pretty tedious but is a good idea. Something we could do is setup a very strict report only policy which will report on all resources we need to consider for the policy. The next step would be to review that report (found in the warning console) and apply an appropriate policy to every one. At least, that is how I have approached it in the past.
I've tried to create a focused first step: 10420
This comment was automatically written by the Blocking Issues bot, and this PR will be monitored for further progress.
Our next release will start reporting violations in our logs (assuming no issues are found and we don't need to rollback the headers).
Do we want to set a date to review violations to determine if we can move forward on this now?
Currently we just have the old one from TalentCloud commented out in our CI pipelines in Azure.
This should to be updated for gc-digital-talent policies and added to the .htaccess write-out task in each.
Details
After #10614, if we don't see errors, we make the policies strict.
🛑 Blockers
Acceptance Criteria