This repository has been archived by the owner on Feb 23, 2019. It is now read-only.

Adds Helpful Default Values to CSP (Security Headers) & Grammar Corrections #363

Merged
merged 1 commit into from Feb 5, 2017

Conversation

amiga-500
Collaborator

@amiga-500 amiga-500 commented Feb 5, 2017

This is dependent on #344 (the new Security Headers section to W3TC) and serves as an amendment.

Because the Content Security Policy (CSP) section can seem daunting at first for inexperienced users, I felt it was important to include default values and placeholder field examples that users can rely on and use for this security feature. It makes for a better experience when using W3TC.

This amendment also fixes some grammatical errors I discovered in the Security Headers section. Sorry.

Snapshot of Default Values & Placeholder Examples

[Screenshot: securityheader-csp]

This is an amendment to #344 that adds in default values for the
"Content Security Policy" fields and fixes grammatical errors in the
"Security Headers" section.
@amiga-500 amiga-500 changed the title Adds Default Values to CSP (Security Headers) & Grammar Corrections Adds Helpful Default Values to CSP (Security Headers) & Grammar Corrections Feb 5, 2017
@amiga-500 amiga-500 merged commit c3739ba into v0.9.5.x Feb 5, 2017
@amiga-500 amiga-500 deleted the security_headers branch February 5, 2017 20:59
amiga-500 added a commit that referenced this pull request Feb 13, 2017
This is dependent on #344 and #363 and relates to the Security Headers management of Session Cookies.

Previously, it was using the .htaccess (or nginx.conf) file to set those security options. But because each user's environment is different, there isn't an assurance of the needed privileges to modify PHP values from said files.

As such, this management was shifted to be handled in code entirely, which is a better approach. It slipped my mind that session cookies are generated in PHP during a non-cached session. My original, and mistaken, oversight was that I needed to continually have these session cookie security settings always configured (via the htaccess/nginx.conf) even during cached page servings, which isn't true. Those settings are important only when the session is generated -- during a non-cached period. So this fix resolves that.
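
The approach described in the commit message above, setting session cookie security flags in PHP at the moment the session is created instead of through `.htaccess`, can be sketched as follows. This is an added example, not W3TC's code; the helper name `start_hardened_session` and the choice of these three `session.*` directives are assumptions.

```php
<?php
// Added example, not W3TC code. The .htaccess form depends on the host
// allowing PHP values to be overridden there, e.g.:
//   php_flag session.cookie_httponly on
// The same settings applied in code, just before the session is created:

/**
 * Hypothetical helper: harden session cookie flags, then start the session.
 * Returns false when it is too late to change anything.
 */
function start_hardened_session(bool $is_https): bool
{
    // The flags only matter when the session cookie is generated. If a
    // session is already active or headers are already sent, it is too late.
    if (session_status() === PHP_SESSION_ACTIVE || headers_sent()) {
        return false;
    }

    // Never accept a session ID passed in the URL.
    ini_set('session.use_only_cookies', '1');
    // Keep the session cookie out of reach of document.cookie.
    ini_set('session.cookie_httponly', '1');
    // Mark the cookie Secure only when the request arrived over TLS;
    // on a plain-HTTP site a Secure cookie would never be sent back.
    ini_set('session.cookie_secure', $is_https ? '1' : '0');

    return session_start();
}

// Detect HTTPS from the server variables PHP exposes for the request.
$is_https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
start_hardened_session($is_https);
```

Pages served from cache never reach this code, which matches the commit message's point that the settings matter only when the session is generated.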
szepeviktor pushed a commit that referenced this pull request May 5, 2017
Adds Helpful Default Values to CSP (Security Headers) & Grammar Corrections #363
Important Change - Session Cookies (Security Headers) #377
Add referrer policy security header #436
Furniel added a commit that referenced this pull request Dec 24, 2017
Adds Helpful Default Values to CSP (Security Headers) & Grammar Corrections #363
Important Change - Session Cookies (Security Headers) #377
Add referrer policy security header #436

# Conflicts:
#	pub/css/options.css