Task #2441: Start using the headers Content Security Policy, X-Content-Type-Options, X-Frame-Options and X-XSS-Protection - Infrastructure - The Document Foundation Redmine

Actions

Task #2441

closed

Start using the headers Content Security Policy, X-Content-Type-Options, X-Frame-Options and X-XSS-Protection

Added by Beluga Beluga over 6 years ago. Updated almost 6 years ago.

Status:

Rejected

Priority:

Normal

Assignee:

Category:

Website

Target version:

-

Start date:

Due date:

% Done:

0%

Tags:

URL:

Description

I analysed libreoffice.org with Mozilla Observatory: https://observatory.mozilla.org/analyze.html?host=libreoffice.org
documentfoundation.org has the same result (grade F)

Lack of these is impacting us negatively:

https://wiki.mozilla.org/Security/Guidelines/Web_Security#Content_Security_Policy
https://wiki.mozilla.org/Security/Guidelines/Web_Security#X-Content-Type-Options
https://wiki.mozilla.org/Security/Guidelines/Web_Security#X-Frame-Options
https://wiki.mozilla.org/Security/Guidelines/Web_Security#X-XSS-Protection

Also relevant is lack of HSTS: https://redmine.documentfoundation.org/issues/1086
https://wiki.mozilla.org/Security/Guidelines/Web_Security#HTTP_Strict_Transport_Security

Related issues

Actions

Also available in: Atom PDF