mirror of https://github.com/logto-io/logto.git synced 2024-12-16 20:26:19 -05:00
logto/.changeset-staged/shiny-crabs-wink.md
simeng-li 1c431e7a59
feat(core): apply standard security headers 1/2 (#3590)
* feat(core): add some basic security headers

add some basic security headers

* chore(core): add some comments

add some comments

* chore(core): update the refererPolicy configs

update the refererPolicy configs

* chore(core): update helmet middleware

update helmet middleware

* feat(core): add csp headers to the mainflow and ac http requests 2/2 (#3613)

* feat(core): add csp headers to the mainflow requests

add csp headers to the mainflow requests

* chore(core): add ui and console security headers

add ui and console security headers

* fix(core): remove unused middleware

remove unused middleware

* fix(ui): set terms iframe sandbox

set terms iframe sandbox allow same origin

* fix(core): update security headers middleware

update security headers middleware

* chore(core): add changesets

* chore(core): address rebase conflict

address rebase conflict
2023-04-03 10:24:50 +08:00

423 B

| @logto/console | @logto/core | @logto/shared | @logto/ui |
| --- | --- | --- | --- |
| patch | patch | patch | patch |

Apply security headers

Apply security headers to Logto HTTP responses using [helmetjs](https://helmetjs.github.io/).

- [x] crossOriginOpenerPolicy
- [x] crossOriginEmbedderPolicy
- [x] crossOriginResourcePolicy
- [x] hidePoweredBy
- [x] hsts
- [x] ieNoOpen
- [x] noSniff
- [x] referrerPolicy
- [x] xssFilter
- [x] Content-Security-Policy
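One way to verify that a response actually carries the headers behind this checklist, as an added example that is not part of the Logto code base: each helmet option is mapped to the response header it controls, and a header set is audited against that map. The names `CHECKS` and `auditHeaders` and both sample header sets are constructed for illustration.

```javascript
// Added example (not Logto code): each checklist item mapped to the response
// header that helmet option controls, plus an optional value check.
const CHECKS = {
  crossOriginOpenerPolicy: { header: 'cross-origin-opener-policy' },
  crossOriginEmbedderPolicy: { header: 'cross-origin-embedder-policy' },
  crossOriginResourcePolicy: { header: 'cross-origin-resource-policy' },
  hidePoweredBy: { header: 'x-powered-by', absent: true }, // must be stripped
  hsts: {
    header: 'strict-transport-security',
    // max-age=0 tells the browser to forget HSTS, so require a positive value.
    valid: (v) => Number((/max-age=(\d+)/i.exec(v) || [])[1]) > 0,
  },
  ieNoOpen: { header: 'x-download-options', valid: (v) => /^noopen$/i.test(v) },
  noSniff: { header: 'x-content-type-options', valid: (v) => /^nosniff$/i.test(v) },
  referrerPolicy: { header: 'referrer-policy' },
  xssFilter: { header: 'x-xss-protection' },
  'Content-Security-Policy': { header: 'content-security-policy' },
};

// Returns one finding per checklist item the header set does not satisfy.
function auditHeaders(rawHeaders) {
  const headers = {}; // header names are case-insensitive, so normalize first
  for (const [name, value] of Object.entries(rawHeaders)) {
    headers[name.toLowerCase()] = String(value).trim();
  }
  const findings = [];
  for (const [option, { header, absent, valid }] of Object.entries(CHECKS)) {
    const value = headers[header];
    let problem = null;
    if (absent) problem = value === undefined ? null : 'present, should be removed';
    else if (!value) problem = 'missing';
    else if (valid && !valid(value)) problem = `unexpected value: ${value}`;
    if (problem) findings.push({ option, header, problem });
  }
  return findings;
}

// Constructed sample header sets, not captured from a Logto deployment.
const HARDENED = {
  'Cross-Origin-Opener-Policy': 'same-origin', 'X-XSS-Protection': '0',
  'Cross-Origin-Embedder-Policy': 'require-corp', 'X-Download-Options': 'noopen',
  'Cross-Origin-Resource-Policy': 'same-origin', 'X-Content-Type-Options': 'nosniff',
  'Strict-Transport-Security': 'max-age=15552000; includeSubDomains',
  'Referrer-Policy': 'strict-origin-when-cross-origin',
  'Content-Security-Policy': "default-src 'self'",
};
const WEAK = {
  'X-Powered-By': 'ExampleServer', 'Strict-Transport-Security': 'max-age=0',
  'x-content-type-options': 'nosniff',
};
```

Calling `auditHeaders(WEAK)` returns a finding for every checklist item except `noSniff`, including the `max-age=0` HSTS value that a presence-only check would pass.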