website security #45

Closed
dsschult opened this issue May 9, 2016 · 2 comments

dsschult commented May 9, 2016

(imported from trac: #850)

Things to check on:

  • secure cookies
  • HttpOnly cookies
  • strict transport security
  • content security policy
  • iframe options
  • xss protection
  • mime-type sniffing
dsschult added this to the 2.1 milestone May 9, 2016

dsschult commented May 9, 2016

XSS protection and secure cookies are now enabled for the login form. They are probably impossible to implement for jsonrpc, since that also needs to handle job requests.

dsschult modified the milestone: 2.1 Sep 16, 2016

Atavic commented Apr 13, 2017

Info about Mime type sniffing: ipfs/notes#222
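
An added example, not code from this project or from any commenter: one way to audit a response against the checklist in the opening comment. The mapping from each checklist item to a concrete header name is an assumption of this example, and `SAMPLE_HEADERS` is constructed for illustration.

```python
# Assumed mapping from the issue's checklist items to response headers.
CHECKLIST_HEADERS = {
    "strict transport security": "strict-transport-security",
    "content security policy": "content-security-policy",
    "iframe options": "x-frame-options",
    "xss protection": "x-xss-protection",
    "mime-type sniffing": "x-content-type-options",
}


def cookie_flags(set_cookie_value):
    """Return the lower-cased attribute names of one Set-Cookie value."""
    attrs = set_cookie_value.split(";")[1:]  # first part is name=value
    return {a.strip().split("=", 1)[0].lower() for a in attrs}


def audit_headers(headers):
    """headers: list of (name, value) pairs; Set-Cookie may repeat.

    Returns {checklist item: True if satisfied, False otherwise}.
    """
    present, cookies = {}, []
    for name, value in headers:
        if name.lower() == "set-cookie":
            cookies.append(cookie_flags(value))
        else:
            present[name.lower()] = value.strip()

    result = {item: hdr in present for item, hdr in CHECKLIST_HEADERS.items()}
    # "nosniff" is the only defined value for X-Content-Type-Options.
    result["mime-type sniffing"] = (
        present.get("x-content-type-options", "").lower() == "nosniff")
    # "X-XSS-Protection: 0" switches the filter off, so it does not count.
    result["xss protection"] = present.get("x-xss-protection", "").startswith("1")
    # Every cookie must carry the flag; a response with no cookies passes.
    result["secure cookies"] = all("secure" in c for c in cookies)
    result["HttpOnly cookies"] = all("httponly" in c for c in cookies)
    return result


SAMPLE_HEADERS = [  # constructed sample, not captured from the project
    ("Strict-Transport-Security", "max-age=31536000"),
    ("X-Frame-Options", "DENY"),
    ("X-Content-Type-Options", "nosniff"),
    ("X-XSS-Protection", "0"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly"),
    ("Set-Cookie", "theme=dark; Path=/"),
]

if __name__ == "__main__":
    for item, ok in audit_headers(SAMPLE_HEADERS).items():
        print(f"{'ok     ' if ok else 'MISSING'}  {item}")
```

Run it per endpoint rather than once per site, since the login form and the jsonrpc handler discussed above may return different headers.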
