LCD and RPC endpoints to expose security headers #4304
Cosmos RPC and light client endpoints should return HTTP security headers.
A recent penetration test suggested that our public-facing RPC/LCD nodes should expose the following headers in the response:
I'm caught between whether these headers ought to be exposed by the clients themselves, or whether we should introduce a load balancer (which is our current workaround) to enforce these headers.
Your thoughts are appreciated :)
RPC and LCD should (optionally?) expose the HTTP security headers listed above.
For Admin Use
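An added example, not part of the issue and not Cosmos SDK code: one way a node could set the headers itself as an opt-in `net/http` middleware, leaving them off when a load balancer already adds them. The names `SecurityHeaders`, `DefaultSecurityHeaders`, `Wrap` and `Probe` are hypothetical, and the header set is an assumed list of common hardening headers, since the penetration test's list is not reproduced on this page.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// SecurityHeaders is a hypothetical opt-in setting; a nil or empty map
// leaves responses untouched (e.g. when a load balancer adds the headers).
type SecurityHeaders map[string]string

// DefaultSecurityHeaders is an assumed set of common hardening headers,
// not the list from the penetration test.
func DefaultSecurityHeaders() SecurityHeaders {
	return SecurityHeaders{
		"X-Content-Type-Options": "nosniff",
		"X-Frame-Options":        "DENY",
		"Referrer-Policy":        "no-referrer",
	}
}

// Wrap sets the configured headers before the wrapped handler runs, so they
// are present on every response, including errors, and a handler can still
// override one. HSTS is only sent when the request arrived over TLS.
func (s SecurityHeaders) Wrap(next http.Handler) http.Handler {
	if len(s) == 0 {
		return next
	}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		for name, value := range s {
			w.Header().Set(name, value)
		}
		if r.TLS != nil {
			w.Header().Set("Strict-Transport-Security", "max-age=31536000")
		}
		next.ServeHTTP(w, r)
	})
}

// Probe sends one constructed request through h and returns the response headers.
func Probe(h http.Handler, target string) http.Header {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, target, nil))
	return rec.Result().Header
}

func main() {
	mux := http.NewServeMux() // stand-in for the RPC/LCD router
	mux.HandleFunc("/status", func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, "{}") })
	fmt.Println(Probe(DefaultSecurityHeaders().Wrap(mux), "/missing"))
}
```

Wrapping the outermost handler covers error responses such as 404s as well as successful ones.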