
The Axon Server UI does not generate several HTTP headers that are part of security Best Practices #528

Open
bert-laverman opened this issue Aug 2, 2022 · 0 comments

Comments

@bert-laverman

When testing the UI with https://securityheaders.com, 4 headers are shown as missing:

  • Content-Security-Policy can restrict what sites may be used for loading e.g. JavaScript.
  • X-Frame-Options is to prevent clickjacking, where the page is shown in an iframe.
  • Referrer-Policy is only relevant when a page contains links going to other sites and controls whether the browser is allowed to tell that other site where it came from.
  • Permissions-Policy is about allowing (or disallowing) browser options such as the usage of the microphone and camera while on this page.

See https://developer.okta.com/blog/2021/10/18/security-headers-best-practices
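A check for the four headers this issue lists, added here as an example; it is not Axon Server's own code, and the raw HTTP response it inspects is constructed to mirror the finding rather than captured from a running server:

```python
# Added example (not Axon Server code): parse a raw HTTP response and report
# which of the issue's four headers are missing or carry an unexpected value.
XFO_OK = {"DENY", "SAMEORIGIN"}                     # RFC 7034 values
REFERRER_OK = {                                     # W3C Referrer Policy tokens
    "no-referrer", "no-referrer-when-downgrade", "same-origin", "origin",
    "strict-origin", "origin-when-cross-origin",
    "strict-origin-when-cross-origin", "unsafe-url",
}

def parse_headers(raw: str) -> dict:
    """Header block of a raw HTTP response -> dict keyed by lower-cased name
    (header names are case-insensitive; the status line is skipped)."""
    headers = {}
    for line in raw.split("\r\n\r\n", 1)[0].split("\r\n")[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers

def check_security_headers(headers: dict) -> list:
    """Return findings; empty when all four headers are present and sane."""
    findings = []
    csp = headers.get("content-security-policy")
    if csp is None:
        findings.append("Content-Security-Policy missing")
    elif "default-src" not in csp and "script-src" not in csp:
        findings.append("Content-Security-Policy does not restrict scripts")
    xfo = headers.get("x-frame-options")
    if xfo is None:
        # CSP frame-ancestors also blocks framing, so only flag if that is absent too
        if csp is None or "frame-ancestors" not in csp:
            findings.append("X-Frame-Options missing (no CSP frame-ancestors either)")
    elif xfo.upper() not in XFO_OK:
        findings.append(f"X-Frame-Options has unexpected value {xfo!r}")
    rp = headers.get("referrer-policy")
    if rp is None:
        findings.append("Referrer-Policy missing")
    elif rp.lower() not in REFERRER_OK:
        findings.append(f"Referrer-Policy has unexpected value {rp!r}")
    if "permissions-policy" not in headers:
        findings.append("Permissions-Policy missing")
    return findings

# Constructed response mirroring the issue: none of the four headers is set.
SAMPLE_RESPONSE = ("HTTP/1.1 200 OK\r\nContent-Type: text/html;charset=UTF-8\r\n"
                   "X-Content-Type-Options: nosniff\r\n\r\n<html></html>")

if __name__ == "__main__":
    for finding in check_security_headers(parse_headers(SAMPLE_RESPONSE)):
        print(finding)
```

The same check accepts a response in which Content-Security-Policy carries a frame-ancestors directive instead of X-Frame-Options, since that directive supersedes the older header in current browsers.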
