Open craigcook opened 5 years ago
The Protocol website has a pretty minimal setup, and since it's served from a *.mozilla.org domain we should follow best practices and tighten up the security.
Currently an F on Observatory, we should try to get that up to a passing grade: https://observatory.mozilla.org/analyze/protocol.mozilla.org
For starters we need a CSP and there are some headers we should set.
Security folks have a checklist: https://github.com/mozilla-services/websec-check
Let me know if you have any questions, concerns, etc.