Skip to content
This repository has been archived by the owner on Aug 26, 2021. It is now read-only.

Investigate content security policy headers #109

Open
azerella opened this issue Jan 8, 2019 · 1 comment
Open

Investigate content security policy headers #109

azerella opened this issue Jan 8, 2019 · 1 comment
Labels
enhancement New feature or request help wanted Extra attention is needed question Further information is requested

Comments

@azerella
Copy link
Contributor

azerella commented Jan 8, 2019

I think removing helmet is a solid solution as our cloud providers already provide these common XSS headers. It's causing local development grief and adds extra complication that is already being handled by the cloud provider.

We should revisit CSP headers at a later time though.
@azerella azerella added enhancement New feature or request help wanted Extra attention is needed question Further information is requested labels Jan 8, 2019
@alex-page
Copy link
Contributor

It would be good to identify:

  • What CSP we should have
  • What we currently have
  • How we can add missing functionality without adding burden to development locally

@alex-page alex-page changed the title Investigate CSP headers on deployment Investigate CSP headers Jan 8, 2019
@alex-page alex-page changed the title Investigate CSP headers Investigate content security policy headers Jan 30, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement New feature or request help wanted Extra attention is needed question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@azerella @alex-page