github / secure_headers

Watch 183
Star 2.8k
Fork 221

Code
Issues 26
Pull requests 3
Actions
Security
Insights

Code
Issues
Pull requests
Actions
Security
Insights

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

26 Open 168 Closed

Author

Filter by author

Label

Filter by label

Use alt + click/return to exclude labels.

Projects

Filter by project

Milestones

Filter by milestone

Assignee

Filter by who’s assigned

Sort

Sort by

Newest Oldest Most commented Least commented Recently updated Least recently updated

Most reactions

Fetch Metadata Browser Headers

#441 opened Jun 15, 2020 by ThunderSon

Should x-xss-protection default to “0” instead of “1; mode=block”

#439 opened May 17, 2020 by oreoshake

how to allow all iframe for any sites?

#438 opened May 16, 2020 by RohitVenturit

Ignoring CSP on some formats

#437 opened Apr 8, 2020 by paul-mesnilgrente

SHA256 for CSP

#432 opened Feb 25, 2020 by chongfai13

bundler_audit found vulnerability in both v3.8.0 and v3.9.0

#424 opened Jan 30, 2020 by marinfr

Webpacker `javascript_packs_with_chunks_tag` support

#407 opened Jul 24, 2019 by seanders

Replace cookie internals with CookiesAndCream

#400 opened Mar 1, 2019 by oreoshake

Stricter validation on samesite configuration

#398 opened Sep 28, 2018 by vcsjones

Confirm feature parity with secure_headers <=> rails vanilla

#394 opened Jul 19, 2018 by oreoshake 0 of 4

Remove logic that modifies policies in unexpected ways? question

#385 opened Jan 24, 2018 by oreoshake

`report-uri` sample rate

#379 opened Jan 14, 2018 by jacobbednarz

CSP sources are incorrectly removed when both wildcards and schemes are present

#376 opened Nov 29, 2017 by tessereth

expect-ct is undocumented easy good first issue

#369 opened Oct 28, 2017 by oreoshake

Implement strict-dynamic alongside URL whitelists

#350 opened Aug 20, 2017 by akashdotsrivastava

Remove auto-insertion of middleware and force the manual insertion to avoid whacky bugs

#349 opened Aug 16, 2017 by edwinv

Don't upgrade insecure requests when the page is served over HTTP 3.x 4.x bug

#348 opened Jul 28, 2017 by guiprav

Cross-Origin Resource Sharing (CORS) feature

#331 opened May 26, 2017 by somethingnew2-0

Handle setting multiple headers of the same name (by using a comma-separate list) enhancement feature

#323 opened Apr 12, 2017 by oreoshake

Dynamic referrer-policy headers feature

#318 opened Mar 2, 2017 by oreoshake

Source Deduplication Doesn't Take Schemes into Account bug

#317 opened Mar 1, 2017 by belenko

Add a collaborator to this project

#280 opened Aug 4, 2016 by oreoshake

Add support for cookie-scope directive draft-spec waiting-on-browser-impl

#277 opened Jul 27, 2016 by oreoshake

Add support for "Feature Policy" header

#275 opened Jul 20, 2016 by oreoshake

Add instructions for Rails 5 confusion? bug

#273 opened Jul 14, 2016 by csuhta

Previous 1 2 Next

Previous Next

ProTip! Adding no:label will show everything without a label.