Permissions-Policy header not implemented
Severity very low, not fixed.
Reverse proxy detected
Severity very low, not fixed.
HTTP Strict Transport Security (HSTS) not following best practices (No includeSubDomains directive)
The method used in the PR below has the needed changes, and we have now started using it.
OMS PR - https://git.hotwax.co/commerce/oms/-/merge_requests/4688/diffs
Note: Nothing is fixed on the app side regarding the above vulnerabilities as of now; they should be handled by the changes done on the OMS side. If needed, CSP can be handled on the app side using meta tags,
e.g. by adding the meta tag below to the index.html file: <meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline';"/>
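As an added example (not code from this issue or from the OMS PR), the check below takes a dict of response headers and reports the findings listed above: a missing Permissions-Policy header, HSTS without includeSubDomains, and a missing or weakened CSP, with the meta-tag CSP accepted as a fallback. The header values in BEFORE and AFTER are constructed samples, not taken from the scan report.

```python
# Added example, not code from the issue or the OMS PR: checks a dict of
# response headers for the findings listed above so a fix can be verified offline.
def _directives(value):
    """Split a ';'-separated header value into stripped, non-empty parts."""
    return [p.strip() for p in value.split(";") if p.strip()]

def check_hsts(value):
    """Findings for a Strict-Transport-Security value (one year is the usual minimum)."""
    d = {}
    for part in _directives(value):
        name, _, val = part.partition("=")
        d[name.strip().lower()] = val.strip()
    findings = []
    if not d.get("max-age", "").isdigit() or int(d["max-age"]) < 31536000:
        findings.append("HSTS max-age missing or below one year")
    if "includesubdomains" not in d:
        findings.append("HSTS not following best practices (No includeSubDomains directive)")
    return findings

def check_csp(value):
    """Findings for a Content-Security-Policy value; script-src falls back to default-src."""
    policy = {}
    for part in _directives(value):
        name, *sources = part.split()
        policy[name.lower()] = [s.lower() for s in sources]
    script = policy.get("script-src", policy.get("default-src", []))
    return [f"CSP script-src allows {w}" for w in ("'unsafe-inline'", "'unsafe-eval'", "*") if w in script]

def check_security_headers(headers, meta_csp=None):
    """headers: response headers, any case. meta_csp: CSP from a <meta http-equiv> tag, used
    only when the header is absent (a meta CSP ignores frame-ancestors, report-uri and sandbox)."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    if "permissions-policy" not in h:
        findings.append("Permissions-Policy header not implemented")
    if "strict-transport-security" in h:
        findings += check_hsts(h["strict-transport-security"])
    else:
        findings.append("HSTS header not implemented")
    csp = h.get("content-security-policy") or meta_csp
    findings += check_csp(csp) if csp else ["Content-Security-Policy not set (header or meta tag)"]
    return findings

# Constructed samples: roughly what a scanner would flag before the fix, and a corrected set.
BEFORE = {"Strict-Transport-Security": "max-age=31536000", "Server": "nginx"}
AFTER = {"Strict-Transport-Security": "max-age=31536000; includeSubDomains",
         "Permissions-Policy": "camera=(), microphone=(), geolocation=()",
         "Content-Security-Policy": "default-src 'self'; style-src 'self' 'unsafe-inline'"}
```

Running check_security_headers(BEFORE) reproduces the first and third findings from the list above plus the missing CSP; check_security_headers(AFTER) returns an empty list.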
What is the motivation for adding/enhancing this feature?
Here is the Report -
20240221_OWASP_Top_10_2021_https_launchpad_hotwax_io_home.pdf
What are the acceptance criteria?
All the critical vulnerabilities should be fixed.
Can you complete this feature request by yourself?
Additional information