tobi-or-not-tobi
commented
4 years ago This documentation is likely making #329 obsolete, and fulfils parts of #217.
FYI @gladius-mtl
Open tobi-or-not-tobi opened 4 years ago
tobi-or-not-tobi
commented
4 years ago This documentation is likely making #329 obsolete, and fulfils parts of #217.
FYI @gladius-mtl
gladius-mtl
commented
4 years ago 👍 🙂
Spartacus is not adding security headers by default, nor does the infrastructure layer in ccv2 add any specific headers that might be required. This tickets acts as a way to start documenting what should be added to mitigate security risks, and when we (Spartacus/ccv2/security folks) come to a conclusion, most likely we create some dev tickets on the Spartacus repo.