seek-oss / skuba

🤿 SEEK development toolkit for backend applications and packages
https://seek-oss.github.io/skuba/
MIT License

Fix: enable secure header middleware by default #1601

Closed tadhglewis closed 1 week ago

tadhglewis commented 2 months ago

Idk why we wouldn't have this?

As such, it's important that this middleware is only used under these circumstances:

  1. The app's domain does not mix HTTP and HTTPS.

  2. The response is an API response, i.e. it is not being directly rendered by the browser.

  3. The responses have an accurate Content-Type header.

https://github.com/seek-oss/koala/tree/master/src/secureHeaders
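An added example, not part of the PR thread and not Koala's or skuba's own code: a small audit that checks sampled responses against the three conditions quoted above before the middleware is enabled by default. The sample responses, the `api.example.test` host, the set of browser-rendered media types and all function names are assumptions constructed for illustration.

```javascript
// Media types a browser renders directly (assumed list, not taken from Koala).
const RENDERED_TYPES = new Set(['text/html', 'application/xhtml+xml', 'image/svg+xml']);

// Case-insensitive Content-Type lookup, parameters such as charset stripped.
function mediaType(headers) {
  const hit = Object.entries(headers).find(([k]) => k.toLowerCase() === 'content-type');
  return hit ? String(hit[1]).split(';')[0].trim().toLowerCase() : null;
}

// 'structured' for JSON objects/arrays, 'scalar' for other valid JSON, 'none' otherwise.
function jsonKind(body) {
  try {
    const v = JSON.parse(body);
    return v !== null && typeof v === 'object' ? 'structured' : 'scalar';
  } catch { return 'none'; }
}

function auditSecureHeaderReadiness(samples) {
  const findings = [];
  for (const { url, headers, body } of samples) {
    const type = mediaType(headers);
    // Condition 1: the app's domain does not mix HTTP and HTTPS.
    if (new URL(url).protocol !== 'https:') {
      findings.push({ url, condition: 1, reason: 'served over plain HTTP' });
    }
    // Condition 2: API responses only, nothing rendered directly by the browser.
    if (type && RENDERED_TYPES.has(type)) {
      findings.push({ url, condition: 2, reason: `browser-rendered type ${type}` });
    }
    // Condition 3: Content-Type is present and agrees with the body.
    if (!type) {
      findings.push({ url, condition: 3, reason: 'missing Content-Type' });
    } else {
      const declaredJson = /[/+]json$/.test(type);
      const kind = jsonKind(body);
      if (declaredJson ? kind === 'none' : kind === 'structured') {
        findings.push({ url, condition: 3, reason: `body does not match ${type}` });
      }
    }
  }
  return findings;
}

// Constructed sample responses, e.g. captured from an integration test run.
const samples = [
  { url: 'https://api.example.test/jobs', headers: { 'Content-Type': 'application/json; charset=utf-8' }, body: '{"jobs":[]}' },
  { url: 'http://api.example.test/health', headers: { 'content-type': 'application/json' }, body: '{"ok":true}' },
  { url: 'https://api.example.test/docs', headers: { 'Content-Type': 'text/html' }, body: '<h1>Docs</h1>' },
  { url: 'https://api.example.test/export', headers: { 'Content-Type': 'text/plain' }, body: '{"rows":[1,2]}' },
  { url: 'https://api.example.test/legacy', headers: {}, body: 'ok' },
];
```

An empty result for every sampled route is the signal that the three conditions hold; any finding names the route and the condition to fix or exempt first.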

changeset-bot[bot] commented 2 months ago

🦋 Changeset detected

Latest commit: caaece5e51b16773c6c5dc2c6278f8995b78a949

The changes in this PR will be included in the next version bump.


tadhglewis commented 2 months ago

Related: https://github.com/seek-oss/skuba/issues/1602

AaronMoat commented 2 months ago

Hoping for other opinions, but I don't mind the change. I'd like your thoughts on whether adding some form of warning / documentation linking is suitable here?