Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ensure HTTP headers for CSP and HSTS are properly set for the admin #42

Closed
alextreme opened this issue Jul 10, 2024 · 2 comments · Fixed by #49 or #56
Closed

Ensure HTTP headers for CSP and HSTS are properly set for the admin #42

alextreme opened this issue Jul 10, 2024 · 2 comments · Fixed by #49 or #56
Assignees
@Coperh
Labels
bug Something isn't working owner: amsterdam

Comments

@alextreme
Copy link
Member

alextreme commented Jul 10, 2024
edited
Loading

Product versie / Product version

1.12 (OZ)

Omschrijf het probleem / Describe the bug

Taiga AMS 18

CSP headers should be set for the admin (see the Open Forms settings)
HSTS headers should be set for the admin and the API (minimum of 1 year, see the Open Forms settings)

After this has been done ensure new releases have been done for OZ+ON+Obj+OT

Stappen om te reproduceren / Steps to reproduce

No response

Verwacht gedrag / Expected behavior

No response
@alextreme alextreme added bug Something isn't working triage Triage means the team has not yet refined this issue. owner: amsterdam labels Jul 10, 2024
@joeribekker joeribekker removed the triage Triage means the team has not yet refined this issue. label Jul 23, 2024
Coperh added a commit that referenced this issue Jul 26, 2024
@Coperh
🔧[#42] add HSTS & CSP settings
eea1e52
@Coperh Coperh mentioned this issue Jul 26, 2024
Merged
Coperh added a commit that referenced this issue Aug 13, 2024
@Coperh
🔧[#42] add HSTS & CSP settings
a1815cc
@alextreme
Copy link
Member Author

@Coperh Thanks and this looks good. I see that I overlooked that also the Cache Control header is to be set. This doesn't have to be set for the admin, but may be missing from the APIs if I see the Taiga issue. It could however also be a missing header on the AMS gateway. Please confirm or deny this and I'll communicate this back

Coperh added a commit that referenced this issue Aug 16, 2024
@Coperh
🔧[#42] add HSTS & CSP settings
c7cc77b
Coperh added a commit that referenced this issue Aug 16, 2024
@Coperh
🔧[#42] add HSTS & CSP settings
bb115f7
Coperh added a commit that referenced this issue Aug 19, 2024
@Coperh
🔧[#42] add HSTS & CSP settings
874e5cb
Coperh added a commit that referenced this issue Aug 19, 2024
@Coperh
🔧[#42] add HSTS & CSP settings
7ec82db
Coperh added a commit that referenced this issue Aug 19, 2024
@Coperh
Merge pull request #49 from maykinmedia/issue/42-headers-for-CSP-and-…
802cb98 
…HSTS

🔧[#42] add HSTS & CSP settings
@Coperh Coperh reopened this Aug 19, 2024
Coperh added a commit that referenced this issue Aug 20, 2024
@Coperh
🔧[#42] add CSP setting help texts
488109a
@Coperh Coperh mentioned this issue Aug 20, 2024
Merged
@alextreme alextreme mentioned this issue Aug 20, 2024
Closed
Coperh added a commit that referenced this issue Aug 23, 2024
@Coperh
🔧[#42] add CSP setting help texts
40e6111
stevenbal added a commit that referenced this issue Aug 23, 2024
@stevenbal
Merge pull request #56 from maykinmedia/issue/42-headers-for-CSP-and-…
5e2c7a4 
…HSTS

🔧[#42] add CSP setting help texts
@Coperh
Copy link
Contributor

Coperh commented Aug 23, 2024
edited
Loading

Added in:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Coperh Coperh

Labels
bug Something isn't working owner: amsterdam
Projects
Data en API fundament
Status: Done
Milestone
No milestone
3 participants
@joeribekker @alextreme @Coperh