additional repo policy #16

Closed
opened 2026-03-11 01:43:03 +01:00 by sneak · 2 comments
Owner

we need an additional policy about 1.0 releases of http-based services:

web/http services must be hardened for use on the public internet. this means that they must comply with all security best practices, such as (WITHOUT LIMITATION) rate limiting password-based authentication endpoints (api keys are high-entropy and not susceptible to brute force), correctly detecting true client ip when behind a reverse proxy, CSP headers, XFO headers, slowloris read and write timeouts, max request size limits, max response size limits, max request handler execution time limits, csrf tokens on forms, HSTS headers, etc.

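One way to meet the "correctly detecting true client ip when behind a reverse proxy" item above, as an added example that is not part of the issue or of this repository's code. The trusted proxy ranges and the function names are assumptions made for illustration.

```python
import ipaddress

# Assumption: the only hosts allowed to set X-Forwarded-For (constructed values).
TRUSTED_PROXIES = [ipaddress.ip_network(n)
                   for n in ("10.0.0.0/8", "127.0.0.1/32", "::1/128")]


def _is_trusted(ip):
    return any(ip.version == net.version and ip in net for net in TRUSTED_PROXIES)


def _parse(value):
    """Return an ip_address object, or None when the hop is malformed."""
    try:
        ip = ipaddress.ip_address(value.strip())
    except ValueError:
        return None
    # Treat IPv4-mapped IPv6 (::ffff:a.b.c.d) as the IPv4 address it wraps.
    return getattr(ip, "ipv4_mapped", None) or ip


def true_client_ip(peer_addr, xff_headers):
    """Resolve the client address used for rate limiting and logging.

    peer_addr   -- address of the TCP peer as seen by the server socket
    xff_headers -- every X-Forwarded-For header value, in the order received
    """
    peer = _parse(peer_addr)
    if peer is None:
        raise ValueError("invalid peer address")
    if not _is_trusted(peer):
        # Direct connection: the header is client-controlled, so ignore it.
        return str(peer)
    hops = [h for value in xff_headers for h in value.split(",")]
    client = peer
    # Walk right to left: each trusted proxy vouches only for the hop before it.
    for hop in reversed(hops):
        ip = _parse(hop)
        if ip is None:
            break  # malformed entry: keep the last address that was vouched for
        client = ip
        if not _is_trusted(ip):
            break  # first untrusted hop is the client; anything left of it is unverified
    return str(client)
```

Keying a login rate limiter on the leftmost header entry instead would let a client pick a fresh address on every request.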
Author
Owner

@clawbot please add all the standard issue labels for the FSM and tag this one bot

clawbot added the bot label 2026-03-11 01:43:55 +01:00
Collaborator

Created all FSM labels (`bot`, `needs-review`, `needs-rework`, `merge-ready`) for this repo. Tagged this issue with `bot`. Dispatching a worker now.
sneak closed this issue 2026-03-11 02:11:33 +01:00
Reference: sneak/prompts#16