satellite/console: Add security headers #3615
Merged
ghost requested review from crawter and Qweder93 and removed request for a team, November 20, 2019 14:02
brimstone added Request Code Review (Code review requested) and Reviewer Can Merge (If all checks have passed, non-owner can merge PR) labels, Nov 20, 2019
crawter reviewed, Nov 20, 2019
crawter reviewed, Nov 20, 2019
crawter previously approved these changes, Nov 20, 2019
thepaul previously approved these changes, Nov 20, 2019
crawter previously approved these changes, Nov 20, 2019
thepaul approved these changes, Nov 21, 2019
crawter approved these changes, Nov 21, 2019
bryanchriswhite added a commit that referenced this pull request, Nov 25, 2019
* storj/master: (63 commits)
  web/satellite: token payments logic (#3581)
  satellite/metainfo: reduce pointerDB access for CommitObject (#3589)
  satellite/metainfo: Fix misspelling in comment (#3636)
  argon2: choose a steady parallelism value (#3630)
  satellitedb: add support to testplanet for cockroachdb (#3634)
  satellite/console/auth: return in error handle added (#3639)
  Make sed a little more cross platformable (#3629)
  web: ms edge support bug fixed (#3638)
  web/satellite: registration/welcome message fixed, usage-report url fixed, storj-sim fixed (#3622)
  web/satellite: fonts changed to Inter (#3620)
  storagenode/updater: read identity location from storagenode's config.yaml (#3607)
  cmd/segment-reaper: Implement bitmask type (#3626)
  storagenode/gracefulexit: improve logging (#3633)
  private/testplanet: add a mock referral manager server into testplanet (#3631)
  satellite/gracefulexit: refactor concurrency (#3624)
  pkg/pb/referralmanager: update to add satellite ID to Get Tokens request (#3625)
  satellite/metainfo: improve Loop comments (#3595)
  storagenode: add bandwidth metrics (#3623)
  satellite/console: Add security headers (#3615)
  satellite/payments: token deposit accept cents (#3628)
  ...
bryanchriswhite pushed a commit to bryanchriswhite/storj that referenced this pull request, Oct 29, 2020
* satellite/console: Add X-Frame-Options and Referrer-Policy security headers
* Update to use CSP instead of XFO and include tardigrade.io
* Make FrameAncestors a config option
* Update satellite-config lock
* Make help text for FrameAncestors better
Labels: cla-signed, Request Code Review (Code review requested), Reviewer Can Merge (If all checks have passed, non-owner can merge PR)
What: Adds X-Frame-Options and Referrer-Policy security headers to the
satellite console.
Why: There's a bunch of HTTP Headers that secure sites should use. This
PR adds two to the ones already sent.
Please describe the tests: Existing tests.
Please describe the performance impact: Maybe a little bit?
Code Review Checklist (to be filled out by reviewer)
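
The header set this PR's commit list converges on (a Content-Security-Policy `frame-ancestors` directive driven by a configurable source list, plus Referrer-Policy), sketched as an added Go example; it is not the code merged in this PR. `SecurityHeaders`, `frameAncestorsPolicy`, `probe`, the `same-origin` Referrer-Policy value and the `'none'` fallback for an empty source list are assumptions of the example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// frameAncestorsPolicy builds the directive from a space-separated source list
// (the role the FrameAncestors option plays); ';' or ',' would start a new directive.
func frameAncestorsPolicy(sources string) (string, error) {
	fields := strings.Fields(sources)
	if len(fields) == 0 {
		return "frame-ancestors 'none'", nil // assumed default: deny all framing
	}
	for _, f := range fields {
		if strings.ContainsAny(f, ";,") {
			return "", fmt.Errorf("invalid frame-ancestors source %q", f)
		}
	}
	return "frame-ancestors " + strings.Join(fields, " "), nil
}

// SecurityHeaders (hypothetical name) wraps next and sets both headers on every response.
func SecurityHeaders(frameAncestors string, next http.Handler) (http.Handler, error) {
	csp, err := frameAncestorsPolicy(frameAncestors)
	if err != nil {
		return nil, err // fail at startup rather than serve a malformed policy
	}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Security-Policy", csp)
		w.Header().Set("Referrer-Policy", "same-origin") // assumed policy value
		next.ServeHTTP(w, r)
	}), nil
}

// probe sends one in-memory request through the middleware and returns the response headers.
func probe(frameAncestors string) (http.Header, error) {
	h, err := SecurityHeaders(frameAncestors, http.NotFoundHandler())
	if err != nil {
		return nil, err
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, "/", nil))
	return rec.Result().Header, nil
}

func main() { fmt.Println(probe("tardigrade.io")) }
```

Validating the source list when the handler is constructed means a bad configuration value stops startup instead of silently widening the policy on every response.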