Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Apply CORS restrictions #134

Open
7 tasks done
turnerrainer opened this issue Apr 23, 2024 · 1 comment
Open
7 tasks done

Apply CORS restrictions #134

turnerrainer opened this issue Apr 23, 2024 · 1 comment
Labels
sec v2.0
Milestone
NoOps 1.0.0 code ...

Comments

@turnerrainer
Copy link
Contributor

turnerrainer commented Apr 23, 2024
edited by varmoh
Loading

AS InfoSec
I WANT CORS restrictions to be applied
SO THAT potential attack surface would be smaller

Acceptance Criteria

  • Set Access-Control-Allow-Origin header to define which origins are allowed to access the resource
  • Set Access-Control-Allow-Methods header to define the HTTP methods (GET, POST, PUT, etc.) that are allowed for cross-origin requests

Scope

  • Public Ruuter
  • Private Ruuter
  • TIM
  • Chat Widget
  • Backoffice
@turnerrainer turnerrainer converted this from a draft issue Apr 23, 2024
@turnerrainer turnerrainer added this to the NoOps 1.0.0 code freeze milestone Apr 23, 2024
@turnerrainer turnerrainer moved this from Backlog to To Groom in Bürokratt Sprint Apr 23, 2024
@turnerrainer turnerrainer moved this from To Groom to In Progress in Bürokratt Sprint May 10, 2024
@varmoh varmoh moved this from In Progress to In Review in Bürokratt Sprint May 10, 2024
@varmoh
Copy link
Collaborator

varmoh commented May 10, 2024

Changed the ingresses, so that some values that were hardcoded, will use values.yaml as a source
Went over the components/modules in scope to check that the CORS values are set
Commit
8ac1180

@rasmusei rasmusei assigned KlviG and unassigned varmoh May 16, 2024
@rasmusei rasmusei moved this from In Review to Acceptance Testing in Bürokratt Sprint May 16, 2024
@rasmusei rasmusei moved this from Acceptance Testing to Done in Bürokratt Sprint Jul 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
sec v2.0
Projects
Bürokratt Sprint
Status: Done
Milestone
NoOps 1.0.0 code freeze
Development

No branches or pull requests
3 participants
@KlviG @turnerrainer @varmoh