jellyfin / jellyfin.org

The Jellyfin website, blog, and user documentation
http://jellyfin.org

Implement modern web security standards #375

Open randomhydrosol opened 1 year ago

randomhydrosol commented 1 year ago

The following security features aren't implemented for the website and should be:

- HTTP strict transport security (HSTS) with preloading
- Strong CSP
- Security headers:
  - x-content-type-options
  - x-frame-options
- Explicitly disable xss auditor
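As an added example (not code from the jellyfin.org repository or from either commenter), here is a small Python audit that checks a set of HTTP response headers against the list above: HSTS that meets the public preload requirements (max-age of at least one year, includeSubDomains, preload), a CSP whose script-src has no 'unsafe-inline' or wildcard and that restricts object-src, X-Content-Type-Options: nosniff, framing protection (X-Frame-Options, or CSP frame-ancestors, which supersedes it when both are present), and an explicit X-XSS-Protection: 0. The two header sets at the bottom are constructed samples, one weak and one hardened; nothing is fetched from the network.

```python
"""Audit HTTP response headers against the baseline requested in the issue.

The sample header dicts are constructed for illustration; in practice they
would come from an HTTP client's response object.
"""

# HSTS preload list requirements: max-age >= 1 year, includeSubDomains, preload.
HSTS_MIN_MAX_AGE = 31536000


def parse_directives(value):
    """Split an 'a=b; c; d' style header value into a lowercase {name: value} dict."""
    out = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        out[name.strip().lower()] = val.strip().strip('"')
    return out


def parse_csp(value):
    """Parse a Content-Security-Policy value into {directive: [source, ...]}."""
    policy = {}
    for directive in value.split(";"):
        tokens = directive.split()
        if tokens:
            policy[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return policy


def audit_headers(headers):
    """Return a list of findings; an empty list means the baseline is met.

    Header names are matched case-insensitively, as HTTP header names are.
    """
    h = {k.lower(): v for k, v in headers.items()}
    findings = []

    # 1. HSTS, checked against the preload submission requirements.
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("HSTS missing")
    else:
        d = parse_directives(hsts)
        try:
            max_age = int(d.get("max-age", "0"))
        except ValueError:
            max_age = 0
        if max_age < HSTS_MIN_MAX_AGE:
            findings.append("HSTS max-age below one year (preload requires >= 31536000)")
        if "includesubdomains" not in d:
            findings.append("HSTS lacks includeSubDomains (required for preload)")
        if "preload" not in d:
            findings.append("HSTS lacks preload directive")

    # 2. CSP: must exist, must not allow inline/wildcard scripts, must restrict plugins.
    csp_raw = h.get("content-security-policy")
    csp = parse_csp(csp_raw) if csp_raw else {}
    if not csp:
        findings.append("CSP missing")
    else:
        script_src = csp.get("script-src", csp.get("default-src"))
        if script_src is None:
            findings.append("CSP has neither script-src nor default-src")
        elif "'unsafe-inline'" in script_src or "*" in script_src:
            findings.append("CSP script-src allows 'unsafe-inline' or '*' (weak)")
        if "object-src" not in csp and csp.get("default-src") != ["'none'"]:
            findings.append("CSP does not restrict object-src (set object-src 'none')")

    # 3. MIME sniffing.
    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append("X-Content-Type-Options: nosniff missing")

    # 4. Framing: CSP frame-ancestors supersedes X-Frame-Options when both are set.
    xfo = h.get("x-frame-options", "").strip().upper()
    if "frame-ancestors" not in csp and xfo not in ("DENY", "SAMEORIGIN"):
        findings.append("no framing protection (X-Frame-Options or CSP frame-ancestors)")

    # 5. Legacy XSS auditor: the only safe value is an explicit '0'.
    if h.get("x-xss-protection", "").strip() != "0":
        findings.append("X-XSS-Protection: 0 not set (auditor not explicitly disabled)")

    return findings


# Constructed samples (not captured from jellyfin.org).
WEAK_HEADERS = {
    "Strict-Transport-Security": "max-age=3600",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "X-Frame-Options": "ALLOWALL",
}

HARDENED_HEADERS = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "Content-Security-Policy": (
        "default-src 'self'; script-src 'self'; object-src 'none'; frame-ancestors 'none'"
    ),
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "X-XSS-Protection": "0",
}

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)):
        print(f"{label}: {audit_headers(hdrs) or 'baseline met'}")
```

To run it against a live site, replace the sample dicts with the headers from a real response (e.g. `requests.get(url).headers`); the checks are deliberately conservative, so a finding is a prompt to look, not proof of a problem.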

masterflitzer commented 2 months ago

Just some minor considerations:

So I'd remove this from your comment:

- x-frame-options
- Explicitly disable xss auditor