Closed htdvisser closed 2 years ago
CSP headers will be enabled by default after #4880.
HSTS was updated in https://github.com/TheThingsIndustries/lorawan-stack-aws/pull/551
Summary
It would be good to check and extend our security headers on HTTP endpoints.
Why do we need this?
Security.
What is already there? What do you see now?
In #2382 I just copied the existing security headers middleware.
What is missing? What do you want to see?
I think it would be good to review the current headers and add some more where possible.