Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Apply security headers #1521

Closed
jonasfj opened this issue Apr 30, 2019 · 0 comments · Fixed by #3540
Closed

Apply security headers #1521

jonasfj opened this issue Apr 30, 2019 · 0 comments · Fixed by #3540
Labels
d.enhancement Improves docs with specific ask e1-hours Can complete in < 8 hours of normal, not dedicated, work infra.structure Relates to the tools that create dart.dev p3-low Valid but not urgent concern. Resolve when possible. Encourage upvote to surface.

Comments

@jonasfj
Copy link
Member

jonasfj commented Apr 30, 2019
edited by parlough
Loading

See: https://securityheaders.com/?q=https%3A%2F%2Fdart.dev

Credits @sortie :)

Even though this site is static content and low impact for XSS exploits, we should always apply security headers for defense in depth.
@jonasfj jonasfj added d.enhancement Improves docs with specific ask p3-low Valid but not urgent concern. Resolve when possible. Encourage upvote to surface. labels Apr 30, 2019
@kwalrath kwalrath added the infra.structure Relates to the tools that create dart.dev label Apr 30, 2019
@kwalrath kwalrath added the e1-hours Can complete in < 8 hours of normal, not dedicated, work label Sep 21, 2019
parlough added a commit that referenced this issue Sep 1, 2021
@parlough
Add simple security headers
bc06225 
Works towards #1521
@parlough parlough mentioned this issue Sep 1, 2021
Merged
kwalrath pushed a commit that referenced this issue Sep 8, 2021
@parlough
Add security headers and policies (#3540)
ca0c7b6 
Works towards #1521
@johnpryan johnpryan mentioned this issue Oct 12, 2021
Closed
This was referenced Feb 13, 2024
Closed
Merged
atsansone added a commit to flutter/website that referenced this issue Feb 21, 2024
@atsansone @domesticmouse
Added CSP test policy (#10157)
e47cc38 
The Flutter docs site scores a [C for
security](https://securityheaders.com/?q=https%3A%2F%2Fdocs.flutter.dev).
One factor is the Content Security Policy, an HTTP header that can
prevent [Cross Site Scripting
(XSS)](https://securityheaders.com/?q=https%3A%2F%2Fdocs.flutter.dev)
attacks.

This PR adds the CSP to the Flutter docs site HTTP headers. It would
resemble the fix applied to the Dart homepage in
[Dart PR #3540](dart-lang/site-www#3540) based
on [Dart issue #1521](dart-lang/site-www#1521)

This change is based on the pub.dev site. Fixes #6381

Co-authored-by: Brett Morgan <brettmorgan@google.com>
atsansone added a commit to atsansone/website that referenced this issue Apr 5, 2024
@atsansone @domesticmouse
Added CSP test policy (flutter#10157)
3dd51be 
The Flutter docs site scores a [C for
security](https://securityheaders.com/?q=https%3A%2F%2Fdocs.flutter.dev).
One factor is the Content Security Policy, an HTTP header that can
prevent [Cross Site Scripting
(XSS)](https://securityheaders.com/?q=https%3A%2F%2Fdocs.flutter.dev)
attacks.

This PR adds the CSP to the Flutter docs site HTTP headers. It would
resemble the fix applied to the Dart homepage in
[Dart PR flutter#3540](dart-lang/site-www#3540) based
on [Dart issue flutter#1521](dart-lang/site-www#1521)

This change is based on the pub.dev site. Fixes flutter#6381

Co-authored-by: Brett Morgan <brettmorgan@google.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
d.enhancement Improves docs with specific ask e1-hours Can complete in < 8 hours of normal, not dedicated, work infra.structure Relates to the tools that create dart.dev p3-low Valid but not urgent concern. Resolve when possible. Encourage upvote to surface.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add security headers and policies dart-lang/site-www
2 participants
@jonasfj @kwalrath