Open romichg opened 8 years ago
Is this something that can make it back to current and previous versions as well? At least for some of the headers, they can be easily added to the web server configuration without needing to be application-specific (like CSP would need).
We should be able to fix it for 4.0 and 3.6 versions. I don't know about anything older than that.
As @craSH points out "I checked the current one and it doesn't appear to have explicit Clickjacking prevention via X-Frame-Options headers (or any of the security headers, woups)"
We should set appropriate security headers. https://securityheaders.io/?q=https%3A%2F%2Fteammentor.net%2Fangular%2Fguest%2Flogin&hide=on
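To illustrate the split the thread describes (headers that can be added generically at the server layer versus CSP, which has to match the application), here is an added example that is not code from the TeamMentor project: a small WSGI middleware that appends the recommended headers to every response, plus a checker that lists which expected headers a response is missing. The header names and values are the common recommendations, the CSP value is a placeholder, and the sample app and request path are constructed for the demo.

```python
# Added example (not TeamMentor project code): server-layer security headers
# as a WSGI middleware, and a checker for responses that lack them.
from typing import Callable, Dict, Iterable, List, Optional, Tuple

Headers = List[Tuple[str, str]]

# Headers that are safe to set globally without knowing anything about the app.
GENERIC_SECURITY_HEADERS: Dict[str, str] = {
    "X-Frame-Options": "DENY",                          # clickjacking
    "X-Content-Type-Options": "nosniff",                # MIME sniffing
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Referrer-Policy": "no-referrer",
}

# CSP must match the application's real script/style/connect sources, so it is
# kept separate; the value below is a placeholder (assumption), not a real policy.
APPLICATION_SPECIFIC_HEADERS: Dict[str, str] = {
    "Content-Security-Policy": "default-src 'self'",
}

EXPECTED_HEADERS = {**GENERIC_SECURITY_HEADERS, **APPLICATION_SPECIFIC_HEADERS}


def missing_security_headers(headers: Iterable[Tuple[str, str]]) -> List[str]:
    """Return the names of expected headers absent from a response.

    Header names are case-insensitive, so the comparison is done lowercased.
    """
    present = {name.lower() for name, _ in headers}
    return [name for name in EXPECTED_HEADERS if name.lower() not in present]


def security_headers_middleware(app: Callable, extra: Optional[Dict[str, str]] = None,
                                overwrite: bool = False) -> Callable:
    """Wrap a WSGI app so every response carries the security headers.

    With overwrite=False (default) a header the app already set is left alone,
    so a page-specific CSP wins over the global one; overwrite=True forces the
    configured value.
    """
    to_add = {**GENERIC_SECURITY_HEADERS, **(extra or {})}

    def wrapped(environ, start_response):
        def patched_start_response(status, headers, exc_info=None):
            headers = list(headers)
            for name, value in to_add.items():
                already = [h for h in headers if h[0].lower() == name.lower()]
                if already and not overwrite:
                    continue
                headers = [h for h in headers if h[0].lower() != name.lower()]
                headers.append((name, value))
            return start_response(status, headers, exc_info)
        return app(environ, patched_start_response)

    return wrapped


def make_app(app_headers: Headers) -> Callable:
    """Constructed sample WSGI app that responds with exactly app_headers."""
    def app(environ, start_response):
        start_response("200 OK", list(app_headers))
        return [b"<html><body><form>login</form></body></html>"]
    return app


def call_wsgi(app: Callable, path: str = "/angular/guest/login") -> Tuple[str, Headers]:
    """Invoke a WSGI app offline with a minimal environ; return (status, headers)."""
    captured: Dict[str, object] = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = list(headers)

    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path, "wsgi.url_scheme": "https"}
    b"".join(app(environ, start_response))  # consume the body as a server would
    return captured["status"], captured["headers"]  # type: ignore[return-value]


bare_app = make_app([("Content-Type", "text/html; charset=utf-8")])

if __name__ == "__main__":
    _, hdrs = call_wsgi(bare_app)
    print("bare app missing:", missing_security_headers(hdrs))
    hardened = security_headers_middleware(bare_app, extra=APPLICATION_SPECIFIC_HEADERS)
    _, hdrs = call_wsgi(hardened)
    print("hardened app missing:", missing_security_headers(hdrs))
```

The middleware corresponds to the web-server-level fix the thread suggests: the generic headers go on everywhere, while the CSP is passed in as `extra` per deployment and, by default, does not clobber a stricter policy the application itself emits. The checker is the offline equivalent of the securityheaders.io scan linked above.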