mahara-contributors team mailing list archive

Thread
Date

[Bug 1531987] Re: Review HTTP headers to improve security

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Son Nguyen <1531987@xxxxxxxxxxxxxxxxxx>
Date: Wed, 23 Mar 2016 22:51:34 -0000
Reply-to: Bug 1531987 <1531987@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: mahara/1.10
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1531987

Title:
  Review HTTP headers to improve security

Status in Mahara:
  Fix Committed
Status in Mahara 1.10 series:
  Fix Released
Status in Mahara 15.04 series:
  Fix Released
Status in Mahara 15.10 series:
  Fix Released

Bug description:
  We need to review our HTTP headers to improve security and check which
  ones we should include per default and which ones might need to be
  configurable. The review will include but is not limited to:

  - Strict-Transport-Security
  - Content-Security-Policy
  - X-Frame-Options
  - X-XSS-Protection
  - X-Content-Type-Options
  - Server
  - X-Powered-By
  - X-Permitted-Cross-Domain-Policies
  - Caching headers

  Initial reports for X-XSS-Protection header by SaifAllah benMassaoud
  and Zeeshan.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1531987/+subscriptions

References

[Bug 1531987] [NEW] Review HTTP headers to improve security
From: Kristina Hoeppner, 2016-01-07