uwe-app / app

Universal web editor
https://uwe.app

Improve security headers #450

Open tmpfs opened 3 years ago

tmpfs commented 3 years ago

https://securityheaders.com/?q=https%3A%2F%2Fstage.uwe.app&followRedirects=on

For the built-in server and for the CloudFront proxy.

tmpfs commented 3 years ago

Here it is green: https://securityheaders.com/?q=https%3A%2F%2Fwww.feroot.com%2F&followRedirects=on

tmpfs commented 3 years ago

Initial work for the local server is done in 3c1df1f16d2bb61711b83a3fa7605a04ff0e10bc. Requires improvements to support customizing permissions-policy and content-security-policy.

Also need to update the CloudFront setup to add these standard headers.

tmpfs commented 3 years ago

See: https://aws.amazon.com/blogs/networking-and-content-delivery/adding-http-security-headers-using-lambdaedge-and-amazon-cloudfront/

tmpfs commented 3 years ago

Mozilla Observatory is also useful: https://observatory.mozilla.org/analyze/tmpfs.org
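
The CloudFront side discussed in this thread, as an added example that is not part of the issue or of uwe's code: a Lambda@Edge origin-response handler that sets the standard headers while leaving `Content-Security-Policy` and `Permissions-Policy` customizable. The header values, `SITE_OVERRIDES`, `addSecurityHeaders` and `sampleEvent` are assumptions made for illustration.

```javascript
// Added example, not uwe's code: Lambda@Edge origin-response handler.
// Baseline values are assumptions; tune CSP and Permissions-Policy per site.
const DEFAULTS = {
  "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
  "X-Content-Type-Options": "nosniff",
  "X-Frame-Options": "DENY",
  "Referrer-Policy": "strict-origin-when-cross-origin",
  "Content-Security-Policy": "default-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'",
  "Permissions-Policy": "camera=(), microphone=(), geolocation=()",
};

// Hypothetical per-site overrides; a null value disables that header.
const SITE_OVERRIDES = {};

// CloudFront stores headers as { "lowercase-name": [{ key, value }] }.
function addSecurityHeaders(response, overrides = {}) {
  const policy = new Map(); // keyed by lowercase name so overrides match in any case
  for (const [name, value] of Object.entries({ ...DEFAULTS, ...overrides })) {
    policy.set(name.toLowerCase(), [name, value]);
  }
  const headers = response.headers || (response.headers = {});
  for (const [slot, [name, value]] of policy) {
    if (value === null || value === undefined) continue; // explicitly disabled
    if (/[\r\n]/.test(value)) throw new Error(`invalid value for ${name}`);
    // Keep a header the origin already set, so a page-specific CSP wins.
    if (headers[slot] && headers[slot].length > 0) continue;
    headers[slot] = [{ key: name, value }];
  }
  return response;
}

// Lambda@Edge entry point for the origin-response trigger.
async function handler(event) {
  return addSecurityHeaders(event.Records[0].cf.response, SITE_OVERRIDES);
}
if (typeof exports !== "undefined") exports.handler = handler;

// Constructed sample event: the origin already sent its own CSP.
function sampleEvent() {
  return { Records: [{ cf: { response: { status: "200", headers: {
    "content-security-policy": [{ key: "Content-Security-Policy", value: "default-src 'none'" }],
  } } } }] };
}
```

Because origin-set headers are preserved, the built-in server and the CloudFront proxy can share one baseline without the edge function silently loosening a stricter per-page policy.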