fix: clarify TLS policy — services never terminate TLS directly
All checks were successful
check / check (push) Successful in 5s
All checks were successful
check / check (push) Successful in 5s
Our services always sit behind a TLS-terminating reverse proxy and listen on plain HTTP. Updated the TLS subsection to state this as policy rather than presenting it as one of two options.
This commit is contained in:
user
@@ -179,9 +179,10 @@ style conventions are in separate documents:
|
||||
or other implementation details to the client. Return generic error
|
||||
messages in production; detailed errors only when `DEBUG` is enabled.
|
||||
- **TLS:**
|
||||
- The service itself may terminate TLS or sit behind a TLS-terminating
|
||||
reverse proxy, but HSTS headers and secure cookie flags must be set
|
||||
regardless so that the browser enforces HTTPS.
|
||||
- Services never terminate TLS directly. They are always deployed behind
|
||||
a TLS-terminating reverse proxy. The service itself listens on plain
|
||||
HTTP. However, HSTS headers and `Secure` cookie flags must still be
|
||||
set by the application so that the browser enforces HTTPS end-to-end.
|
||||
|
||||
This list is non-exhaustive. Apply defense-in-depth: if a standard security
|
||||
hardening measure exists for HTTP services and is not listed here, it is
|
||||
|
||||
Reference in New Issue
Block a user