[security] Add production security headers middleware #34
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
From Security Audit (#33 comment)
Severity: BLOCKER
Zero production security headers are set. Need:
Strict-Transport-Security(HSTS)Content-Security-PolicyX-Frame-Options: DENYX-Content-Type-Options: nosniffReferrer-Policy: strict-origin-when-cross-originPermissions-PolicySuggested fix: Add a security headers middleware applied to all routes.