Closed Bug 1389194 Opened 8 years ago Closed 8 years ago

Remove django-csp and extra security header stuff

Categories

(Socorro :: Symbols, task)

Product:
Socorro
Component:
Symbols
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: peterbe, Assigned: peterbe)

References

Details

With https://bugzilla.mozilla.org/show_bug.cgi?id=1388808 we're making sure we set all the security related headers in Nginx instead of relying on Django. Then we don't need to do that stuff with Django.
Assignee: nobody → peterbe
Commit pushed to master at https://github.com/mozilla-services/tecken https://github.com/mozilla-services/tecken/commit/49fd396a433fa9e44fccfd96d4d0f987d3b57c93 fixes bug 1389194 - Remove django-csp and extra security header stuff (#313)
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
This "broken" __heartbeat__ since you now get a warning:: "check_xframe_options_middleware": { "status": "warning", "level": 30, "messages": { "security.W002": "You do not have 'django.middleware.clickjacking.XFrameOptionsMiddleware' in your MIDDLEWARE_CLASSES, so your pages will not be served with an 'x-frame-options' header. Unless there is a good reason for your site to be served in a frame, you should consider enabling this header to help prevent clickjacking attacks." } }
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
By the way, the heartbeat URL is https://symbols.dev.mozaws.net/__heartbeat__
Heartbeat is healthy now.
Status: REOPENED → RESOLVED
Closed: 8 years ago8 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.