Feature #1011
Updated by Alexander Watzinger over 5 years ago
To provide additional security we tested OpenAtlas at Mozilla and tried to implement the suggestions: https://observatory.mozilla.org/analyze/demo-dev.openatlas.eu In Implemenation in application: * Using secure cookies: https://infosec.mozilla.org/guidelines/web_security#cookies * Setting SESSION_COOKIE_SAMESITE Tested Testing implementation and added adding to install notes: * HTTP Strict Transport Security https://infosec.mozilla.org/guidelines/web_security#http-strict-transport-security * X-Content-Type-Options https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options * X-Frame-Options https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options * X-XSS-Protection https://infosec.mozilla.org/guidelines/web_security#x-xss-protection