mozilla / ensemble

The platform that powers the Firefox Public Data Report :violin: :trumpet: :musical_keyboard:
https://data.firefox.com/
Mozilla Public License 2.0

Address feedback from Observatory #152

Closed openjck closed 6 years ago

openjck commented 6 years ago

Observatory is a security testing tool created within Mozilla. We should address as much of its feedback as possible.

https://observatory.mozilla.org/analyze/moz-ensemble.herokuapp.com

openjck commented 6 years ago

I've made good progress on this branch of my fork. Those changes get us a B+ from Observatory and Firefox doesn't print any errors, but Chrome prints a ton of console errors and I haven't tested other browsers at all.

openjck commented 6 years ago

The DataOps hosting gets us a B from Observatory, with the only lost points coming from the lack of a CSP header. Blake can add CSP once we decide on a value. That should be pretty easy, so I'm going to move this to the release milestone.

openjck commented 6 years ago

This is almost done. I'm working with Jason to improve our score further, which includes serving a CSP that's already written.

openjck commented 6 years ago

All done. We now get an A+.