Apply security headers #1521
Labels
d.enhancement: Improves docs with specific ask
e1-hours: Can complete in < 8 hours of normal, not dedicated, work
infra.structure: Relates to the tools that create dart.dev
p3-low: Valid but not urgent concern. Resolve when possible. Encourage upvote to surface.
Comments
jonasfj added the d.enhancement and p3-low labels Apr 30, 2019
kwalrath added the e1-hours label Sep 21, 2019
This was referenced Feb 13, 2024
atsansone added a commit to flutter/website that referenced this issue Feb 21, 2024
The Flutter docs site scores a [C for security](https://securityheaders.com/?q=https%3A%2F%2Fdocs.flutter.dev). One factor is the Content Security Policy, an HTTP header that can prevent [Cross Site Scripting (XSS)](https://securityheaders.com/?q=https%3A%2F%2Fdocs.flutter.dev) attacks.

This PR adds the CSP to the Flutter docs site HTTP headers. It would resemble the fix applied to the Dart homepage in [Dart PR #3540](dart-lang/site-www#3540) based on [Dart issue #1521](dart-lang/site-www#1521).

This change is based on the pub.dev site.

Fixes #6381

Co-authored-by: Brett Morgan <brettmorgan@google.com>
atsansone added a commit to atsansone/website that referenced this issue Apr 5, 2024
The Flutter docs site scores a [C for security](https://securityheaders.com/?q=https%3A%2F%2Fdocs.flutter.dev). One factor is the Content Security Policy, an HTTP header that can prevent [Cross Site Scripting (XSS)](https://securityheaders.com/?q=https%3A%2F%2Fdocs.flutter.dev) attacks.

This PR adds the CSP to the Flutter docs site HTTP headers. It would resemble the fix applied to the Dart homepage in [Dart PR flutter#3540](dart-lang/site-www#3540) based on [Dart issue flutter#1521](dart-lang/site-www#1521).

This change is based on the pub.dev site.

Fixes flutter#6381

Co-authored-by: Brett Morgan <brettmorgan@google.com>
See: https://securityheaders.com/?q=https%3A%2F%2Fdart.dev
Credits @sortie :)
Even though this site is static content and low impact for XSS exploits, we should always apply security headers for defense in depth.