Reviewed:  https://reviews.mahara.org/6009
Committed: https://git.mahara.org/mahara/mahara/commit/29656f034ff0eefa19fb6a0c24f006ff3ef9e1f0
Submitter: Robert Lyon ([email protected])
Branch:    master

commit 29656f034ff0eefa19fb6a0c24f006ff3ef9e1f0
Author: Aaron Wells <[email protected]>
Date:   Thu Feb 4 16:33:11 2016 +1300

    Adding some HTTP headers for security (Bug 1531987)

    X-XSS-Protection: Tells the browser not to disable XSS protection

    X-Content-Type-Options: Tells the browser not to try to guess at
    mimetypes of downloads

    X-Permitted-Cross-Domain-Policies: Tells Flash & PDF not to trust
    alternate crossdomain.xml files (which set the permissions on whether
    this site allows itself to be accessed by scripts in Flash & PDF).
    Prevents an attacker from uploading a more permissive crossdomain.xml

    X-Powered-By: PHP by default sends this header with the current
    full PHP version.

    behatnotneeded: Selenium can't examine HTTP response headers

    Change-Id: Ia2a6de971fc62b7d8806ad010aa0fbe37c1a7357

--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1531987

Title:
  Review HTTP headers to improve security

Status in Mahara:
  Fix Committed
Status in Mahara 1.10 series:
  In Progress
Status in Mahara 15.04 series:
  In Progress
Status in Mahara 15.10 series:
  In Progress

Bug description:
  We need to review our HTTP headers to improve security and check which
  ones we should include per default and which ones might need to be
  configurable.

  The review will include but is not limited to:

  - Strict-Transport-Security
  - Content-Security-Policy
  - X-Frame-Options
  - X-XSS-Protection
  - X-Content-Type-Options
  - Server
  - X-Powered-By
  - X-Permitted-Cross-Domain-Policies
  - Caching headers

  Initial reports for X-XSS-Protection header by SaifAllah benMassaoud
  and Zeeshan.
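The commit message notes that Selenium cannot examine HTTP response headers, so the change ships without a Behat test. The following added example (not part of the commit or of Mahara's code) audits a raw response head for the four headers the commit names; the accepted header values, the sample responses and the function names are assumptions made for illustration.

```python
import re

# Constructed sample response heads (not captured from a real Mahara site).
BEFORE = ("HTTP/1.1 200 OK\r\n"
          "Content-Type: text/html; charset=UTF-8\r\n"
          "X-Powered-By: PHP/5.5.9\r\n\r\n")
AFTER = ("HTTP/1.1 200 OK\r\n"
         "Content-Type: text/html; charset=UTF-8\r\n"
         "x-xss-protection: 1; mode=block\r\n"
         "X-Content-Type-Options: nosniff\r\n"
         "X-Permitted-Cross-Domain-Policies: master-only\r\n\r\n")

# Assumed acceptable values (common hardening choices, not read from the commit).
EXPECTED = {
    "x-xss-protection": lambda v: bool(re.fullmatch(r"1(\s*;\s*mode=block)?", v)),
    "x-content-type-options": lambda v: v == "nosniff",
    "x-permitted-cross-domain-policies": lambda v: v in ("none", "master-only"),
}
FORBIDDEN = ("x-powered-by",)  # PHP sends its full version here by default

def parse_headers(raw):
    """Parse a raw response head into {lowercased name: [values]}."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw):
    """Return sorted findings; an empty list means the response passes."""
    headers = parse_headers(raw)
    findings = []
    for name, ok in EXPECTED.items():
        values = headers.get(name, [])
        if not values:
            findings.append(f"missing: {name}")
        elif len(values) > 1:  # repeated header: the combined value is ambiguous
            findings.append(f"duplicated: {name}")
        elif not ok(values[0].lower()):
            findings.append(f"unexpected value: {name}: {values[0]}")
    for name in FORBIDDEN:
        findings += [f"present: {name}: {v}" for v in headers.get(name, [])]
    return sorted(findings)

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(raw) or "ok")
```

Header names are compared case-insensitively, and a header that appears more than once is reported rather than silently accepted.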

