Feature #1011: Additional security features - OpenAtlas - Redmine

Actions

Feature #1011

closed

Additional security features

Added by Alexander Watzinger over 5 years ago. Updated over 5 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Alexander Watzinger

Category:

Backend

Target version:

Start date:

2019-04-07

Estimated time:

8.00 h

Description

To provide additional security we tested OpenAtlas at Mozilla and began implementing the suggestions: https://observatory.mozilla.org/analyze/demo-dev.openatlas.eu

In application:

HTTP Strict Transport Security https://infosec.mozilla.org/guidelines/web_security#http-strict-transport-security
X-Content-Type-Options https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
X-Frame-Options https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
X-XSS-Protection https://infosec.mozilla.org/guidelines/web_security#x-xss-protection

SESSION_COOKIE_SAMESITE
REMEMBER_COOKIE_SECURE

Documented how to activated if using HTTPS only:

SESSION_COOKIE_SECURE: https://infosec.mozilla.org/guidelines/web_security#cookies

Actions

Also available in: Atom PDF