Project

General

Profile

Feature #1011

Updated by Alexander Watzinger about 5 years ago

To provide additional security we tested OpenAtlas at Mozilla and tried to implement the suggestions: https://observatory.mozilla.org/analyze/demo-dev.openatlas.eu 

 In Implemenation in application: 

 * Using secure cookies: https://infosec.mozilla.org/guidelines/web_security#cookies 
 * Setting SESSION_COOKIE_SAMESITE 

 Tested Testing implementation and added adding to install notes: 

 * HTTP Strict Transport Security https://infosec.mozilla.org/guidelines/web_security#http-strict-transport-security 
 * X-Content-Type-Options https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options 
 * X-Frame-Options https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options 
 * X-XSS-Protection https://infosec.mozilla.org/guidelines/web_security#x-xss-protection

Back