Closed openjck closed 6 years ago
I've made good progress this branch of my fork. Those changes get us a B+ from Observatory and Firefox doesn't print any errors, but Chrome prints a ton of console errors and I haven't tested other browsers at all.
The DataOps hosting gets us a B from Observatory, with the only lost points coming from the lack of a CSP header. Blake can add CSP once we decide on a value. That should be pretty easy, so I'm going to move this to the release milestone.
This is almost done. I'm working with Jason to improve our score further, which includes serving a CSP that's already written.
All done. We now get an A+.
Observatory is a security testing tool created within Mozilla. We should address as much of its feedback as possible.
https://observatory.mozilla.org/analyze/moz-ensemble.herokuapp.com