ourjapanlife / findadoc-web

Front-end repository for Find a Doc, Japan
https://findadoc.jp
BSD 3-Clause "New" or "Revised" License

Frontend Security Checkup #124

Open ann-kilzer opened 1 year ago

ann-kilzer commented 1 year ago

Requirements


Mozilla has a neat tool for inspecting security on websites. Once we have the website stood up, perhaps post MVP, let's investigate this:

https://observatory.mozilla.org/analyze/findadoc.jp

And address any security concerns

Dependencies

NabbeunNabi commented 4 months ago

When it comes to the site, based on the link above, the site received a score of C. Most of the issues for security were based on headers.

Security Issues Flagged

  1. Content Security Policy (-25): Content Security Policy (CSP) header not implemented
  2. X-Content-Type-Options (-5): X-Content-Type-Options header not implemented
  3. X-Frame-Options (-20): X-Frame-Options (XFO) header not implemented

Research