TheThingsNetwork / lorawan-stack

The Things Stack, an Open Source LoRaWAN Network Server
https://www.thethingsindustries.com/stack/
Apache License 2.0

Extend Security Headers with HSTS and CSP #2531

Closed htdvisser closed 2 years ago

htdvisser commented 4 years ago

Summary

It would be good to check and extend our security headers on HTTP endpoints.

Why do we need this?

Security.

What is already there? What do you see now?

In #2382 I just copied the existing security headers middleware.

What is missing? What do you want to see?

I think it would be good to review the current headers and add some more where possible.

htdvisser commented 2 years ago

CSP headers will be enabled by default after #4880.

HSTS was updated in https://github.com/TheThingsIndustries/lorawan-stack-aws/pull/551
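Worked example, added here for illustration (it is not code from the lorawan-stack repository nor from the pull requests referenced in this issue): a Go `net/http` middleware of the kind the issue asks to review and extend. It keeps the usual baseline headers, emits `Strict-Transport-Security` only when the response will actually reach the client over TLS (directly, or via a proxy the operator has explicitly chosen to trust), and lets a `Content-Security-Policy` be rolled out in `Report-Only` mode before enforcing it. The `SecurityHeadersConfig` type, `DefaultConfig`, the default directive list and `ResponseHeadersFor` are assumptions made for this example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strconv"
	"strings"
)

// SecurityHeadersConfig is an illustrative config type assumed for this example;
// it is not The Things Stack's own configuration.
type SecurityHeadersConfig struct {
	HSTSMaxAge            int      // seconds; 0 disables the HSTS header entirely
	HSTSIncludeSubDomains bool     // only safe when every subdomain is served over TLS
	HSTSPreload           bool     // only meaningful with includeSubDomains; hard to undo
	TrustForwardedProto   bool     // honour X-Forwarded-Proto: https (trusted proxy only)
	CSPDirectives         []string // one CSP directive per entry
	CSPReportOnly         bool     // emit the Report-Only header while tuning the policy
}

// DefaultConfig is a conservative starting point (assumed values, not the project's).
func DefaultConfig() SecurityHeadersConfig {
	return SecurityHeadersConfig{
		HSTSMaxAge: 31536000, // one year
		CSPDirectives: []string{
			"default-src 'self'",
			"object-src 'none'",
			"base-uri 'self'",
			"frame-ancestors 'none'",
		},
	}
}

func (c SecurityHeadersConfig) hstsValue() string {
	v := "max-age=" + strconv.Itoa(c.HSTSMaxAge)
	if c.HSTSIncludeSubDomains {
		v += "; includeSubDomains"
		if c.HSTSPreload {
			v += "; preload"
		}
	}
	return v
}

func (c SecurityHeadersConfig) cspValue() string {
	return strings.Join(c.CSPDirectives, "; ")
}

// isTLS reports whether the client receives this response over TLS. Behind a
// TLS-terminating proxy r.TLS is nil, so the forwarded header is consulted, but
// only when the operator has said the proxy strips client-supplied copies of it.
func (c SecurityHeadersConfig) isTLS(r *http.Request) bool {
	if r.TLS != nil {
		return true
	}
	return c.TrustForwardedProto && strings.EqualFold(r.Header.Get("X-Forwarded-Proto"), "https")
}

// SecurityHeaders wraps next and sets the security headers on every response.
func SecurityHeaders(cfg SecurityHeadersConfig, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		h := w.Header()
		h.Set("X-Content-Type-Options", "nosniff")
		h.Set("X-Frame-Options", "DENY")
		h.Set("Referrer-Policy", "strict-origin-when-cross-origin")
		// Browsers ignore HSTS received over plain HTTP, and sending it there
		// would only mask a misconfigured proxy, so gate it on the transport.
		if cfg.HSTSMaxAge > 0 && cfg.isTLS(r) {
			h.Set("Strict-Transport-Security", cfg.hstsValue())
		}
		if v := cfg.cspValue(); v != "" {
			name := "Content-Security-Policy"
			if cfg.CSPReportOnly {
				name += "-Report-Only"
			}
			h.Set(name, v)
		}
		next.ServeHTTP(w, r)
	})
}

// ResponseHeadersFor drives the middleware with a synthetic request and returns
// the headers it produced. The URL scheme (http or https) controls r.TLS.
func ResponseHeadersFor(cfg SecurityHeadersConfig, url string, extra http.Header) http.Header {
	req := httptest.NewRequest(http.MethodGet, url, nil)
	for k, vs := range extra {
		for _, v := range vs {
			req.Header.Add(k, v)
		}
	}
	rec := httptest.NewRecorder()
	SecurityHeaders(cfg, http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.WriteHeader(http.StatusOK)
	})).ServeHTTP(rec, req)
	return rec.Result().Header
}

func main() {
	for _, u := range []string{"http://example.test/", "https://example.test/"} {
		fmt.Println(u)
		for k, v := range ResponseHeadersFor(DefaultConfig(), u, nil) {
			fmt.Printf("  %s: %s\n", k, strings.Join(v, ", "))
		}
	}
}
```

Two operational caveats the code encodes: `includeSubDomains` and `preload` commit every subdomain to TLS for `max-age` seconds (and, once on the preload list, for longer than any header can retract), so they belong behind an explicit opt-in rather than a default; and `X-Forwarded-Proto` is attacker-controlled unless the edge proxy overwrites it, so `TrustForwardedProto` should only be enabled for a deployment where that is known to be the case.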