JulianNorton / weather-10kb-wxkb

Weather forecast that's high performance and accessible
https://wxkb.juliannorton.com
GNU General Public License v2.0
152 stars 49 forks

Implement security headers #161

Closed JulianNorton closed 7 years ago

JulianNorton commented 7 years ago

What's the current situation?

https://securityheaders.io/?q=https://wxkb.io/ Fails and shows security flaws.

What do you recommend?

Add correct headers in head and resolve other errors like 'xss protection'.

anestv commented 7 years ago

I think I can look into this

JulianNorton commented 7 years ago

Thank you @anestv! Let me know if you'd prefer splitting it out into separate issues. Any progress is appreciated.

nodox commented 7 years ago

https://github.com/helmetjs/helmet

This will give you the best protection for Express apps.

JulianNorton commented 7 years ago

https://securityheaders.io/?q=https://wxkb.io/ A+! :)

Thank you @anestv for the implementation and @nodox for the recommendation.
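
Added example (not code from this repository or from helmet): a dependency-free sketch of what a security-header middleware for an Express-style app does, with a checker for the resulting response headers. The header values and the names `securityHeaders`, `auditHeaders` and `mockResponse` are assumptions made for illustration.

```javascript
// Illustrative defaults (assumptions), not this project's actual configuration.
const SECURITY_HEADERS = {
  "Content-Security-Policy": "default-src 'self'",
  "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
  "X-Content-Type-Options": "nosniff",
  "X-Frame-Options": "DENY",
  "Referrer-Policy": "no-referrer",
  "X-XSS-Protection": "0", // turns off the legacy browser XSS filter
};

// Express-style middleware factory: (req, res, next). Pass false to skip a header.
function securityHeaders(overrides = {}) {
  const headers = { ...SECURITY_HEADERS, ...overrides };
  return function (req, res, next) {
    for (const [name, value] of Object.entries(headers)) {
      if (value !== false) res.setHeader(name, value);
    }
    res.removeHeader("X-Powered-By"); // do not advertise the framework
    next();
  };
}

// Returns a list of findings for a response header object (names case-insensitive).
function auditHeaders(responseHeaders) {
  const seen = new Map(Object.entries(responseHeaders).map(([k, v]) => [k.toLowerCase(), String(v)]));
  const findings = Object.keys(SECURITY_HEADERS)
    .filter((name) => !seen.has(name.toLowerCase()))
    .map((name) => `missing ${name}`);
  const hsts = /max-age=(\d+)/i.exec(seen.get("strict-transport-security") || "");
  // 180 days is the minimum accepted here (a threshold chosen for this example)
  if (seen.has("strict-transport-security") && (!hsts || Number(hsts[1]) < 15552000)) {
    findings.push("weak Strict-Transport-Security max-age");
  }
  if (seen.has("x-powered-by")) findings.push("exposes X-Powered-By");
  return findings;
}

// Minimal stand-in for a response object so the example runs without Express.
function mockResponse(initial = {}) {
  const headers = { ...initial };
  return {
    headers,
    setHeader(name, value) { headers[name] = value; },
    removeHeader(name) {
      const key = Object.keys(headers).find((k) => k.toLowerCase() === name.toLowerCase());
      if (key !== undefined) delete headers[key];
    },
  };
}
```

These are HTTP response headers set by the server, so the middleware has to be registered before the route handlers that send the page.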