Add security related headers to build.servo.org #511
Closed
Commits on Oct 17, 2016
-
Add security related headers to build.servo.org
Add some headers to `build.servo.org` to improve our Mozilla Observatory score. The helps the cause of #473, by raising our score from F (0) to a whopping B- (65). The testing is still basic, the docker-observatory based testing will go in a different PR. To get to an A+ we must first implement https. This is the local observatory report: Score Rule Description -20 redirection Does not redirect to an https site. -20 strict-transport-security HTTP Strict Transport Security (HSTS) header cannot be set for sites not available over https. -5 contribute Contribute.json file missing from root of website. 5 content-security-policy Content Security Policy (CSP) implemented without 'unsafe-inline' or 'unsafe-eval'. 5 x-frame-options X-Frame-Options (XFO) implemented via the CSP frame-ancestors directive. Score: 65 Grade: B-
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.