-
While watching some presentations of the project I got the impression there is somewhere a canonical place for a structured list of headers. But it’s not really mentioned anywhere. The REST API design document also mentions a canonical source for all headers. So where is it? :) I especially would like to have the list of headers to avoid in a self refreshing URL (and not sure I need a REST service for it, but if you want to provide it it’s also fine, where will it be available?)
-
Hi,

Your remarks are totally accurate and I share them totally 😃

During the work on the API, I was figuring that we need to have a way to store the reference headers configuration in a machine processable way.

💬 I can propose this idea: replace the following tables:

By a JSON file stored in the website GH repo using such content:

```json
{
  "add": [
    {
      "name": "Strict Transport Security",
      "value": "max-age=31536000 ; includeSubDomains"
    },
    {
      "name": "X-Frame-Options",
      "value": "deny"
    }
  ],
  "remove": [
    "Server",
    "Liferay-Portal"
  ]
}
```
-
@righettod I agree with your approach.
-
Yes, one or possibly two JSON files for those use cases. I would go with two as the schemas are quite different. But the question is, how to generate the readable tables on the web site out of it? (For the remove we'll have a „description“ and „example“ column?)
-
Makes sense, let's go for 2 JSON files.
Perhaps I'm wrong, but the way in which the HTML site is generated will cause some issues if we generate the markdown content dynamically. My proposal to follow your proposal is to add HTML comments as markers for both tables in the markdown file and then have a GitHub action that generates both JSON files based on the markdown content automatically when the markdown is updated. With Python it is possible in a stable way.
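The approach proposed in the comment above (HTML comment markers around each table, and a Python step that regenerates the JSON when the markdown changes), shown as an added example that is not part of the original thread or the project's own code. The marker names, table columns and sample page are assumptions constructed for illustration; the entry shapes follow the JSON proposed earlier in the thread, split into two documents as agreed.

```python
import json
import re

# Constructed sample page: marker names and table columns are assumptions.
SAMPLE_MD = """\
<!-- HEADERS_ADD_START -->
| Header name | Proposed value |
|-------------|----------------|
| Strict-Transport-Security | `max-age=31536000 ; includeSubDomains` |
| X-Frame-Options | `deny` |
<!-- HEADERS_ADD_END -->
<!-- HEADERS_REMOVE_START -->
| Header name |
|-------------|
| Server |
| Liferay-Portal |
<!-- HEADERS_REMOVE_END -->
"""

def table_rows(markdown, marker):
    """Return the data rows (lists of cells) of the table between a marker pair."""
    pattern = rf"<!--\s*{marker}_START\s*-->(.*?)<!--\s*{marker}_END\s*-->"
    match = re.search(pattern, markdown, re.DOTALL)
    if match is None:
        raise ValueError(f"marker pair {marker} not found")
    rows = []
    for line in match.group(1).splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue  # prose or blank line inside the marked region
        cells = [c.strip().strip("`").strip() for c in line.strip("|").split("|")]
        if all(re.fullmatch(r":?-+:?", c) for c in cells):
            rows = []  # separator row: what was collected so far was the header
            continue
        rows.append(cells)
    return rows

def build_references(markdown):
    """Build the two JSON documents; fail loudly rather than publish bad data."""
    add_rows = table_rows(markdown, "HEADERS_ADD")
    remove_rows = table_rows(markdown, "HEADERS_REMOVE")
    if not add_rows or not remove_rows:
        raise ValueError("empty table: refusing to emit an empty reference file")
    if any(len(r) != 2 for r in add_rows) or any(len(r) != 1 for r in remove_rows):
        raise ValueError("unexpected column count in a reference table")
    add_doc = {"add": [{"name": n, "value": v} for n, v in add_rows]}
    return add_doc, {"remove": [r[0] for r in remove_rows]}

if __name__ == "__main__":
    for doc in build_references(SAMPLE_MD):
        print(json.dumps(doc, indent=2))
```

Raising on a missing marker pair or a malformed row makes the workflow run fail instead of committing an empty or truncated reference file that downstream consumers would treat as authoritative.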
-
Implemented with OWASP/www-project-secure-headers#88
-
✅ Reference files now provided and automatically updated:
⚒ They will be used, as foundation, for the work on #6