This repository has been archived by the owner on Mar 19, 2024. It is now read-only.
Add HTTP security headers #168
Assignees
Comments
|
I think this is all sorted now via a number of PRs including:
@neilbmclaughlin Can this be closed? |
|
Closing as it has been rectified. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Concern over the lack of security headers has been raised by others.
While I don't think we have any security vulnerabilities, since we have no exposure to XSS (nunjucks sanitises input) and do not have sensitive data or sessions tokens, it seems prudent to introduce these best practice measures sooner rather than later.
The text was updated successfully, but these errors were encountered: