Requirement (Gold level): Secured delivery against man-in-the-middle (MITM) attacks

nodejs / security-wg

Node.js Ecosystem Security Working Group

MIT License

489 stars 121 forks source link

Requirement (Gold level): Secured delivery against man-in-the-middle (MITM) attacks #1190

Open UlisesGascon opened 7 months ago

UlisesGascon commented 7 months ago

We agreed on #1175 to open an issue to follow up a discussion about this requirement for Node.js (cc: @mhdawson @ljharb @RafaelGSS)

The project website, repository (if accessible via the web), and download site (if separate) MUST include key hardening headers with nonpermissive values. (URL required)

Context

Discussion during the last meeting (Minute 48:08)
CII Best Practices: Security
Team Discussion

Potential actions

TBD

ljharb commented 7 months ago

I assume if the website has CORS and HSTS set up, this will be satisfied.

github-actions[bot] commented 4 months ago

This issue is stale because it has been open many days with no activity. It will be closed soon unless the stale label is removed or a comment is made.

github-actions[bot] commented 1 month ago

This issue has been inactive for 90 days. It will be closed in 14 days unless there is further activity or the stale label is taken off.