Mitigate XSS threats #147

Merged
merged 8 commits into from Jan 10, 2020


ianwow commented Jan 9, 2020

Issue #, if available:

This PR comes from a requirement to mitigate XSS threats.

Description of changes:

  1. Moved environment variables from .env to public/runtimeConfig.json
  2. Eliminated the need to update backend endpoints by mutating precompiled webapp code
  3. Added Subresource Integrity (SRI) checks in webpack so browsers can verify that files they fetch are delivered without unexpected manipulation.

TEST RESULTS:

tests-concurrency
2 passed in 447.23 seconds

tests-parameterized-rekognition
1 passed in 557.07s

tests-udi
1 passed in 97.57 seconds

tests-workflowapi
8 passed in 428.66 seconds

ianwow changed the base branch from master to development Jan 9, 2020
ianwow requested a review from brandold Jan 9, 2020
ianwow changed the title from "Mitigate xss" to "Mitigate XSS threats" Jan 9, 2020

brandold left a comment

This looks good! Glad we simplified the variable replacement process. As long as the webapp was deployed / tested, I'm ok with these changes being delivered.

ianwow merged commit b99bcb9 into development Jan 10, 2020
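
The Subresource Integrity check named in item 3 of the PR description, as an added example that is not part of this PR or the project's code: it builds an `integrity` value and evaluates it the way the SRI specification describes, including the case where unusable metadata results in no check at all. The function names and the sample bundle bytes are constructed for illustration.

```javascript
// Added example (not from the PR): Subresource Integrity evaluation in Node.js.
const crypto = require("crypto");

// Hash algorithms defined for SRI, ranked so the strongest one can be selected.
const STRENGTH = { sha256: 1, sha384: 2, sha512: 3 };

const b64Digest = (algo, body) =>
  crypto.createHash(algo).update(body).digest("base64");

// Value for <script integrity="..."> as a build step would emit it.
function sriFor(body, algo = "sha384") {
  return `${algo}-${b64Digest(algo, body)}`;
}

// Split the attribute into hash expressions; unsupported or malformed tokens are ignored.
function parseIntegrity(value) {
  return value
    .trim()
    .split(/\s+/)
    .map((tok) => /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})(\?.*)?$/.exec(tok))
    .filter(Boolean)
    .map((m) => ({ algo: m[1], digest: m[2] }));
}

// True when the fetched bytes may be used.
function verifySri(body, integrity) {
  const entries = parseIntegrity(integrity);
  // No usable metadata means no check is enforced, so a typo in the
  // attribute silently disables protection.
  if (entries.length === 0) return true;
  const top = Math.max(...entries.map((e) => STRENGTH[e.algo]));
  // Only hashes of the strongest listed algorithm are compared.
  return entries
    .filter((e) => STRENGTH[e.algo] === top)
    .some((e) => b64Digest(e.algo, body) === e.digest);
}

// Constructed sample data: a bundle as built, and the same file after modification.
const built = Buffer.from('console.log("app bundle");\n');
const modified = Buffer.from('console.log("app bundle");/* changed in transit */\n');

console.log(verifySri(built, sriFor(built)));
console.log(verifySri(modified, sriFor(built)));
```

Because an attribute with no parseable hash passes, a build or CI check should confirm that every emitted `integrity` value parses to at least one supported hash.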