
Nginx: server_tokens off, CSP, COOP, CORP, Permissions-Policy headers, #47

Merged: Buffden merged 2 commits into main from security-policies on Apr 7, 2026


Conversation


@Buffden Buffden commented Apr 7, 2026

    • burst reduced from 10 to 5 on create_url zone
    • Bucket4j + Caffeine in-process per-IP rate limit filter (20 creations/hour) as application-layer defense on top of Nginx
    • cosign keyless image signing in deploy pipeline via Sigstore/OIDC
    • Gradle dependency hash verification (verification-metadata.xml, SHA-256)
    • v2 security hardening backlog documented (Turnstile CAPTCHA, distributed rate limiting, CloudWatch retention + alerting)
    • README updated with full request flow, security posture, and CI/CD details

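One way the Nginx side of this PR could look, as an added example that is not the project's own configuration: the headers named in the title plus the create_url zone with burst lowered to 5. The rate (10r/m), zone size, header values, hostname, certificate paths, upstream and the /api/urls path are assumptions for illustration.

```nginx
# Added illustration, not the repository's nginx.conf. Values other than
# server_tokens off, the header names and burst=5 are assumed.
http {
    # Hide the nginx version in the Server header and on error pages.
    server_tokens off;

    # Per-client-IP token bucket for URL creation (rate is an assumption).
    limit_req_zone $binary_remote_addr zone=create_url:10m rate=10r/m;

    upstream app {
        server 127.0.0.1:8080;   # placeholder backend
    }

    server {
        listen 443 ssl;
        server_name example.invalid;                      # placeholder host
        ssl_certificate     /etc/nginx/tls/fullchain.pem; # placeholder path
        ssl_certificate_key /etc/nginx/tls/privkey.pem;   # placeholder path

        # Security headers; "always" also sends them on 4xx/5xx responses.
        add_header Content-Security-Policy "default-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'" always;
        add_header Cross-Origin-Opener-Policy "same-origin" always;
        add_header Cross-Origin-Resource-Policy "same-origin" always;
        add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;

        location /api/urls {
            # Queue at most 5 requests above the rate, serve them without
            # delay, and reject the rest with 429 instead of the default 503.
            limit_req zone=create_url burst=5 nodelay;
            limit_req_status 429;
            # Caveat: add_header is only inherited from the server block
            # while this location defines no add_header of its own; adding
            # one here means restating the security headers in this block.
            proxy_pass http://app;
        }
    }
}
```

Check the result with `nginx -t` and a request to the protected path from one client more than six times in a minute; the sixth should return 429 and every response should carry the four headers and no version in Server.
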
Buffden added 2 commits April 7, 2026 17:03
    burst reduced from 10 to 5 on create_url zone
  - Bucket4j + Caffeine in-process per-IP rate limit filter (20 creations/hour)
    as application-layer defense on top of Nginx
  - cosign keyless image signing in deploy pipeline via Sigstore/OIDC
  - Gradle dependency hash verification (verification-metadata.xml, SHA-256)
  - v2 security hardening backlog documented (Turnstile CAPTCHA, distributed
    rate limiting, CloudWatch retention + alerting)
  - README updated with full request flow, security posture, and CI/CD detail
@Buffden Buffden merged commit ed0f14c into main Apr 7, 2026
3 checks passed
