hassanakbar4 / mailarchive-tickets


Update HTTP security headers for mailarchive.ietf.org #281

Closed hassanakbar4 closed 2 years ago

hassanakbar4 commented 5 years ago

component_MailArchive: User Interface resolution_fixed type_enhancement | by rcross@amsl.com



Issue migrated from trac:2714 at 2021-09-22 16:55:41 +0500

hassanakbar4 commented 4 years ago

@hassanakbar4 changed priority from medium to major

hassanakbar4 commented 4 years ago

@hassanakbar4 changed status from new to accepted

hassanakbar4 commented 3 years ago

@hassanakbar4 commented


securityheaders.com reports these missing headers:

- Content-Security-Policy
- Referrer-Policy
- Permissions-Policy

Permissions-Policy is not yet supported by Django or third-party https://code.djangoproject.com/ticket/30746

hassanakbar4 commented 3 years ago

@hassanakbar4 changed status from accepted to closed

hassanakbar4 commented 3 years ago

@hassanakbar4 changed resolution from `` to `fixed`

hassanakbar4 commented 3 years ago

@hassanakbar4 commented


Fixed in [1039/mailarch]:

Add security headers. Fixes #2714.

Add security headers Content-Security-Policy and Referrer-Policy. This change includes removing all inline javascript and css in order to improve security settings.
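The fix above ties the new Content-Security-Policy to removing inline JavaScript and CSS, because a policy without `'unsafe-inline'` blocks both. The following audit is an added example, not code from the mailarch change set: it reports which of the three headers named in the ticket are absent, whether the policy still allows `'unsafe-inline'`, and which markup such a policy would block. The names `InlineFinder`, `parse_csp` and `audit` are hypothetical, and the sample headers and HTML are constructed.

```python
from html.parser import HTMLParser

# The three headers the ticket lists as missing.
REQUIRED = ("Content-Security-Policy", "Referrer-Policy", "Permissions-Policy")

class InlineFinder(HTMLParser):
    """Collect markup that a CSP without 'unsafe-inline' would block."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs, line = dict(attrs), self.getpos()[0]
        # Elements carrying a nonce are assumed to match a nonce in the policy.
        if tag == "script" and not attrs.keys() & {"src", "nonce"}:
            self.findings.append((line, "inline <script>"))
        if tag == "style" and "nonce" not in attrs:
            self.findings.append((line, "inline <style>"))
        if "style" in attrs:
            self.findings.append((line, f"style attribute on <{tag}>"))
        for name in attrs:
            if name.startswith("on"):  # onclick, onload, ...
                self.findings.append((line, f"{name} handler on <{tag}>"))

def parse_csp(value):
    """Split a CSP header into {directive: [sources]}; first duplicate wins."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def audit(headers, html):
    hdrs = {k.lower(): v for k, v in headers.items()}
    policy = parse_csp(hdrs.get("content-security-policy", ""))
    finder = InlineFinder()
    finder.feed(html)
    return {
        "missing": [h for h in REQUIRED if h.lower() not in hdrs],
        # script-src and style-src fall back to default-src when absent.
        "unsafe_inline": [d for d in ("script-src", "style-src")
            if "'unsafe-inline'" in policy.get(d, policy.get("default-src", []))],
        "inline": finder.findings,
    }

# Constructed sample response, not taken from mailarchive.ietf.org.
SAMPLE_HEADERS = {"Referrer-Policy": "strict-origin-when-cross-origin",
    "Content-Security-Policy": "default-src 'self'; style-src 'self' 'unsafe-inline'"}
SAMPLE_HTML = ('<html><head>\n<script src="/static/app.js"></script>\n<script>var q = 1;</script>\n'
               '</head><body onload="init()">\n<p style="color:red">hi</p>\n</body></html>')
if __name__ == "__main__":
    print(audit(SAMPLE_HEADERS, SAMPLE_HTML))
```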