New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implement better HTTP Header Security #437

Open
nynymike opened this Issue Jan 14, 2017 · 4 comments

Comments

Projects
None yet
7 participants
@nynymike
Contributor

nynymike commented Jan 14, 2017

@nynymike nynymike added the bug label Jan 14, 2017

@nynymike nynymike added this to the CE 3.0.0 milestone Jan 14, 2017

@ganesh-at-wiw

This comment has been minimized.

ganesh-at-wiw commented Jan 17, 2017

GluuFederation/community-edition-setup@f3cbc1b#diff-03977dfe18120f823fed2a0408021ef1

Above link contains my work on apache headers.

@yurem please have a look at content security policy.

@happymcplaksin

This comment has been minimized.

happymcplaksin commented Jan 18, 2017

Thanks for working on this! Many vendors are not working on this sort of thing so I really appreciate Gluu being proactive!

@yurem

This comment has been minimized.

Contributor

yurem commented Jan 19, 2017

After adding few headers and update scripts in oxTrust we get B+ rating: https://observatory.mozilla.org/analyze.html?host=ce-dev3.gluu.org

I'm changing Milestone to CE 3.1.0 to continue work on this in next version to achieve A rating.

@yurem yurem modified the milestones: CE 3.1.0, CE 3.0.0 Jan 19, 2017

@yurem

This comment has been minimized.

Contributor

yurem commented Aug 23, 2017

To apply more security settings we need to do small research and split this issue by few smaller issues. I think so, because some setting requires code changes. without code updates we can get functionality issue due to added restrictions. We need to check each option as separate issue. And it's better to start work on such issue during starting work on new release. I'm moving it to 3.2.0..

@yurem yurem modified the milestones: CE 3.2.0, CE 3.1.0 Aug 23, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment