Add HTTP service hardening policy for 1.0 releases #17

Merged
sneak merged 3 commits from feature/http-service-hardening-policy into main 2026-03-11 02:11:33 +01:00
Showing only changes of commit 6be01ea81f


@@ -179,9 +179,10 @@ style conventions are in separate documents:
or other implementation details to the client. Return generic error
messages in production; detailed errors only when `DEBUG` is enabled.
- **TLS:**
- The service itself may terminate TLS or sit behind a TLS-terminating
reverse proxy, but HSTS headers and secure cookie flags must be set
regardless so that the browser enforces HTTPS.
- Services never terminate TLS directly. They are always deployed behind
a TLS-terminating reverse proxy. The service itself listens on plain
HTTP. However, HSTS headers and `Secure` cookie flags must still be
set by the application so that the browser enforces HTTPS end-to-end.
This list is non-exhaustive. Apply defense-in-depth: if a standard security
hardening measure exists for HTTP services and is not listed here, it is
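Review bot: the phrase "so that the browser enforces HTTPS end-to-end" in the new TLS bullet is inaccurate now that the same bullet states "The service itself listens on plain HTTP": HSTS and the `Secure` cookie flag only govern the browser-to-proxy leg, while the proxy-to-service hop is cleartext by design. Suggest rewording to "so that the browser enforces HTTPS for the client-facing connection", and adding one sentence to the policy that closes the gap the new wording opens: the plain-HTTP listener must not be reachable other than through the TLS-terminating reverse proxy (e.g. bound to loopback or an internal interface), and any scheme or client-address information taken from proxy-supplied forwarded headers must be trusted only when the request actually arrived from that proxy. Without that, "Services never terminate TLS directly" reads as a guarantee the deployment topology alone does not provide.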