Improve security headers

ngrok / ngrok-docs

ngrok's official documentation

https://ngrok.com/docs

MIT License

53 stars 1.98k forks source link

Improve security headers #52

Open sudobinbash opened 1 year ago

sudobinbash commented 1 year ago

https://securityheaders.com/?q=ngrok.com%2Fdocs2&hide=on&followRedirects=on

sudobinbash commented 1 year ago

Because our docs are now static, we cannot include security headers in the code (that goes on the middle of the traffic. i.e. add response headers on ALB)

sudobinbash commented 1 year ago

This is also related to https://github.com/ngrok/ngrok-docs/issues/51

alex-bezek commented 1 year ago

I think we have 2 options:

add the headers via a cloudfront policy https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/creating-response-headers-policies.html
have nginx add the headers https://kubernetes.github.io/ingress-nginx/examples/customization/custom-headers/

I'd err on the cloudfront approach to avoid putting more requirements on nginx since i think its going to go away soon-ish