nycmeshnet / meshdb

A convenient, stable, and sane database for tracking Members and Nodes for use with robots and humans
https://db.nycmesh.net
MIT License

Add various HTTP headers to improve security #643

Closed Andrew-Dickinson closed 1 month ago

Andrew-Dickinson commented 1 month ago

Improve our security by following the HTTP header recommendations from the following resources:

Setting X-Forwarded-Proto also fixes a bug which caused a mixed content error on the changes from #636, since it fixes the value Django uses for request.scheme (currently set to http in prod due to the reverse proxy).
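The scheme problem described in the comment above, as an added example that is not part of the pull request or of meshdb's code: a simplified Python model of how Django picks `request.scheme` when its `SECURE_PROXY_SSL_HEADER` setting is configured. It assumes that setting is how the header is consumed; the helper names and the host are hypothetical.

```python
# Simplified model of how Django derives request.scheme behind a proxy.
# Added illustration, not Django's or meshdb's code. SECURE_PROXY_SSL_HEADER
# is a real Django setting; the helper names below are hypothetical.

SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")


def resolve_scheme(environ, trusted_header=None):
    """Return the scheme the app believes the client used."""
    if trusted_header:
        meta_key, secure_value = trusted_header
        value = environ.get(meta_key)
        if value is not None:
            # Only the leftmost entry of a comma-separated list is considered.
            first = value.split(",", 1)[0].strip()
            return "https" if first == secure_value else "http"
    # Fallback: the scheme of the proxy -> app hop, which is plain HTTP
    # when TLS is terminated at the reverse proxy.
    return environ.get("wsgi.url_scheme", "http")


def absolute_uri(environ, path, trusted_header=None):
    """Build an absolute URL the way a template or redirect would."""
    return f"{resolve_scheme(environ, trusted_header)}://{environ['HTTP_HOST']}{path}"


def proxy_forward(client_headers, client_used_tls):
    """Model of a TLS-terminating proxy that overwrites X-Forwarded-Proto."""
    environ = {k: v for k, v in client_headers.items() if k != "HTTP_X_FORWARDED_PROTO"}
    environ["HTTP_X_FORWARDED_PROTO"] = "https" if client_used_tls else "http"
    environ["wsgi.url_scheme"] = "http"  # proxy -> app hop is unencrypted
    return environ


# Constructed sample requests (the host name is a placeholder).
HTTPS_REQUEST = proxy_forward({"HTTP_HOST": "db.example.org"}, client_used_tls=True)
SPOOFED_REQUEST = proxy_forward(
    {"HTTP_HOST": "db.example.org", "HTTP_X_FORWARDED_PROTO": "https"},
    client_used_tls=False,
)

if __name__ == "__main__":
    # Header ignored: an HTTPS page is handed http:// links (mixed content).
    print(absolute_uri(HTTPS_REQUEST, "/static/admin.js"))
    # Header trusted: links match the scheme the browser actually used.
    print(absolute_uri(HTTPS_REQUEST, "/static/admin.js", SECURE_PROXY_SSL_HEADER))
    # The proxy discards the client-supplied value, so the app sees "http".
    print(resolve_scheme(SPOOFED_REQUEST, SECURE_PROXY_SSL_HEADER))
```

Trusting the header is only safe when the proxy overwrites any client-supplied `X-Forwarded-Proto`, which `proxy_forward` models here.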

codecov[bot] commented 1 month ago

Codecov Report

All modified and coverable lines are covered by tests.

Project coverage is 94.18%. Comparing base (28649c1) to head (c08c817). Report is 1 commit behind head on main.

Additional details and impacted files

```diff
@@           Coverage Diff           @@
##             main     #643   +/-   ##
=======================================
  Coverage   94.18%   94.18%
=======================================
  Files          80       80
  Lines        3251     3251
=======================================
  Hits         3062     3062
  Misses        189      189
```
