Add HTTP security headers #179
Comments
Agree here. //Edit: Fixed the link. Here was a GetPocket.com link
Sorry senor, me no pocket :)
Oh sorry.
Definitely a good read.
This is fine as long as it is a good discussion, because I believe such discussions lead to a better end result :)
Includes settings for cookies fixes #179
(removing from milestone, as not critical and no feedback received so far)
Expected Behavior
Over the last years, a good amount of security enhancements have been included in the HTTP standard. Some of them are configured by the server sending defined HTTP header bits.
Thus we should have a look if we can implement these without breaking current functionality.
Examples would be:
More to be found for example at the OWASP Secure Headers Project
Current Behavior
Headers aren't set. Default browser options are used.
Possible Solution
Set headers per default to recommended setting, fix compatibility issues if possible, change header value otherwise
Context
To get LS up to the current state-of-the-art in this regard