Add HTTP Security Headers #43

Open
0xAurelius opened this issue Apr 11, 2022 · 2 comments

@0xAurelius

Not sure if this will be possible with DOAP, might need to tackle after we move to k8s hosting

from gordob:

No HTTP security headers set, TLS 1-TLS 1.1 enabled, obsolete CBC ciphers enabled.

we can set CORS on DOAP, and we can in theory set custom headers on the Dash app as outlined here: plotly/dash-renderer#75
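
The custom-header approach mentioned above can also be applied at the WSGI layer, since a Dash app is served through a Flask (WSGI) server. This is an added example, not part of the original issue or the project's code; the header set and values, `SecurityHeadersMiddleware`, `missing_security_headers`, `probe` and `demo_app` are assumptions for illustration.

```python
from wsgiref.util import setup_testing_defaults

# Assumed baseline, not the project's policy; tune values before deploying.
SECURITY_HEADERS = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}


class SecurityHeadersMiddleware:
    """Wrap a WSGI app and add security headers to every response."""

    def __init__(self, app, headers=None):
        self.app = app
        self.headers = dict(SECURITY_HEADERS if headers is None else headers)

    def __call__(self, environ, start_response):
        def patched(status, response_headers, exc_info=None):
            # Header names are case-insensitive; keep values the app set itself.
            present = {name.lower() for name, _ in response_headers}
            extra = [(n, v) for n, v in self.headers.items()
                     if n.lower() not in present]
            return start_response(status, list(response_headers) + extra, exc_info)

        return self.app(environ, patched)


def missing_security_headers(response_headers, required=SECURITY_HEADERS):
    """Audit helper: required header names absent from a response."""
    present = {name.lower() for name, _ in response_headers}
    return sorted(n for n in required if n.lower() not in present)


def probe(app):
    """Call a WSGI app once in-process and return its response headers."""
    environ, captured = {}, []
    setup_testing_defaults(environ)
    body = app(environ, lambda status, headers, exc_info=None: captured.extend(headers))
    b"".join(body)  # drain the body so lazy apps have called start_response
    return captured


def demo_app(environ, start_response):
    # Constructed stand-in for the Dash app's Flask server (app.server).
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("x-frame-options", "SAMEORIGIN")])
    return [b"ok"]
```

With Dash, assuming `app` is the `dash.Dash` instance, the middleware attaches with `app.server.wsgi_app = SecurityHeadersMiddleware(app.server.wsgi_app)`; comparing `missing_security_headers(probe(...))` before and after wrapping gives a quick regression check.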

@gord0b

gord0b commented Apr 12, 2022

Specific URL: https://carbon.klimadao.finance

Deprecated TLS versions:
Article states 'March 31, 2022, the minimum default TLS version for custom domains will be 1.2' (https://www.digitalocean.com/blog/new-in-digitalocean-app-platform-glitch-integration), but both TLS 1.0 and TLS 1.1 are active.

Test TLS:

```
curl -o /dev/null -L -v -s https://carbon.klimadao.finance --tls-max 1.0
curl -o /dev/null -L -v -s https://carbon.klimadao.finance --tls-max 1.1
```


@gord0b

gord0b commented Apr 13, 2022

TLS Change confirmed (OK) - TLS 1.0 & TLS 1.1 not offered any more.
