Mitigate XSS threats #147

merged 8 commits into from Jan 10, 2020


ianwow commented Jan 9, 2020

Issue #, if available:

This PR comes from a requirement to mitigate XSS threats.

Description of changes:

  1. Moved environment variables from .env to public/runtimeConfig.json
  2. Eliminated the need to update backend endpoints by mutating precompiled webapp code
  3. Added Subresource Integrity (SRI) checks in webpack so browsers can verify that files they fetch are delivered without unexpected manipulation.


2 passed in 447.23 seconds

1 passed in 557.07s

1 passed in 97.57 seconds

8 passed in 428.66 seconds
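Item 3 of the description depends on the browser comparing each fetched file against the digest in its `integrity` attribute. The block below is an added example, not code from this PR or project, that reproduces that comparison in Node.js so build output can be checked before it is deployed; the function names and the sample bundle are constructed for illustration.

```javascript
// Added example (not from the PR): SRI digest generation and verification.
const crypto = require('crypto');

// Algorithms SRI allows, weakest to strongest.
const STRENGTH = ['sha256', 'sha384', 'sha512'];

// Build an integrity value ("sha384-<base64 digest>") for a file body.
function sriFor(body, algo = 'sha384') {
  return `${algo}-${crypto.createHash(algo).update(body).digest('base64')}`;
}

// Split an integrity attribute into entries; unknown or malformed tokens are
// dropped, as browsers do. Simplified: standard base64 only, options ignored.
function parseIntegrity(attr) {
  return attr.trim().split(/\s+/)
    .map((t) => /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})(\?.*)?$/.exec(t))
    .filter(Boolean)
    .map((m) => ({ algo: m[1], digest: m[2] }));
}

// Mirror the browser decision: only the strongest listed algorithm counts,
// and any matching digest for that algorithm is enough.
function verifySri(body, attr) {
  const entries = parseIntegrity(attr);
  // No usable metadata means the browser enforces nothing, so a typo in the
  // attribute silently disables the check. Report that as "not enforced".
  if (entries.length === 0) return { enforced: false, ok: true };
  const best = Math.max(...entries.map((e) => STRENGTH.indexOf(e.algo)));
  const algo = STRENGTH[best];
  const actual = crypto.createHash(algo).update(body).digest('base64');
  const ok = entries.some((e) => e.algo === algo && e.digest === actual);
  return { enforced: true, ok };
}

// Constructed sample: a bundle as built, and the same bundle after modification.
const built = Buffer.from('console.log("app bundle");');
const tampered = Buffer.from('console.log("app bundle");/* extra */');

function demo() {
  const integrity = sriFor(built);
  return {
    clean: verifySri(built, integrity).ok,       // true
    modified: verifySri(tampered, integrity).ok, // false
    typo: verifySri(tampered, 'sha-384-abc').enforced, // false
  };
}
console.log(demo());
```

The `enforced: false` case is worth checking in CI: a malformed `integrity` value does not block the file, it removes the protection.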

ianwow changed the base branch from master to development Jan 9, 2020
ianwow requested a review from brandold Jan 9, 2020
ianwow changed the title from "Mitigate xss" to "Mitigate XSS threats" Jan 9, 2020

brandold left a comment

This looks good! Glad we simplified the variable replacement process. As long as the webapp was deployed / tested, I'm ok with these changes being delivered.

ianwow merged commit b99bcb9 into development Jan 10, 2020