#2307 - WAVA scan headers update #2403
Conversation
@@ -13,4 +13,10 @@ http { | |||
default_type application/octet-stream; | |||
sendfile on; | |||
keepalive_timeout 65; | |||
server { |
What about the Gzip compression settings which are mentioned in the ticket (from Rocket.Chat)?
https://app.zenhub.com/workspaces/student-information-management-system-5fce9df5aa1b45000e937014/issues/gh/bcgov/sims/2406 created for the validation of whether the setting is needed or not.
sources/packages/web/nginx.conf
@@ -13,4 +13,10 @@ http { | |||
default_type application/octet-stream; | |||
sendfile on; | |||
keepalive_timeout 65; | |||
server { | |||
add_header 'X-Content-Type-Options' "nosniff"; | |||
add_header 'Content-Security-Policy' "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'"; |
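Review bot: the `script-src 'self' 'unsafe-inline'` value on the Content-Security-Policy line gives up most of the protection the header is meant to add, because any inline script, including one injected through a template bug, is still allowed to run; if inline scripts are genuinely required, document why in the PR, and otherwise prefer nonce- or hash-based allow-listing over `'unsafe-inline'`. Two nginx points on the same lines: `add_header` set in the `server` block is not inherited by any `location` block that declares its own `add_header`, so verify that both headers still appear on every response path, and consider the `always` parameter (`add_header 'X-Content-Type-Options' "nosniff" always;`) so the headers are also sent on 4xx/5xx responses, which the scanner is likely to probe.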
The conf file shared from the other project in the story has more headers and more CSP config values. Are we considering it?
No, currently we are validating only the medium WAVA scan issues.
Nice work 👍 @guru-aot
LGTM @guru-aot 👍 Nice work
Kudos, SonarCloud Quality Gate passed!
Nice work, looks good 👍
Nice work @guru-aot 👍
Looks good!
As we are not setting any cookie in our application, we are not fixing the "Cookie with Insecure or Improper or Missing SameSite attribute" issue.