Remove django-csp and extra security header stuff

RESOLVED FIXED


People

(Reporter: peterbe, Assigned: peterbe)

(Assignee)

Description

a year ago
With https://bugzilla.mozilla.org/show_bug.cgi?id=1388808 we're making sure we set all the security related headers in Nginx instead of relying on Django. 

Then we don't need to do that stuff with Django.
(Assignee)

Updated

a year ago
Assignee: nobody → peterbe

Updated

a year ago
Status: NEW → RESOLVED
Last Resolved: a year ago
Resolution: --- → FIXED
(Assignee)

Comment 3

a year ago
This "broke" __heartbeat__ since you now get a warning::

 "check_xframe_options_middleware": {
   "status": "warning",
   "level": 30,
   "messages": {
     "security.W002": "You do not have 'django.middleware.clickjacking.XFrameOptionsMiddleware' in your MIDDLEWARE_CLASSES, so your pages will not be served with an 'x-frame-options' header. Unless there is a good reason for your site to be served in a frame, you should consider enabling this header to help prevent clickjacking attacks."
   }
 }
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
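
Added example, not part of the bug thread or the project's code: once the headers are set in Nginx, Django's own check can no longer see them, so this sketch compares heartbeat warnings with the headers the public endpoint actually serves. The function name, the verdict strings and the sample data are assumptions, as is the heartbeat shape (a JSON object of check name to result, taken from the fragment quoted above).

```python
import json

# Django check ID -> response header it is about. security.W002 is the
# check quoted in the comment above; other entries would be added the same way.
CHECK_TO_HEADER = {"security.W002": "x-frame-options"}

def reconcile(heartbeat_text, served_headers):
    """Compare heartbeat warnings with the headers the public endpoint serves.

    heartbeat_text: JSON object mapping check name -> result (assumed shape,
                    taken from the fragment quoted in the comment above).
    served_headers: (name, value) pairs captured after the front end (Nginx)
                    has added its headers.
    Returns {check_id: verdict}.
    """
    counts = {}
    for name, _value in served_headers:
        counts[name.lower()] = counts.get(name.lower(), 0) + 1
    verdicts = {}
    for result in json.loads(heartbeat_text).values():
        if not isinstance(result, dict) or result.get("status") == "ok":
            continue
        for check_id in result.get("messages", {}):
            header = CHECK_TO_HEADER.get(check_id)
            if header is None:
                verdicts[check_id] = "unmapped"
            elif counts.get(header, 0) == 0:
                verdicts[check_id] = "missing"      # nobody sets the header
            elif counts[header] > 1:
                verdicts[check_id] = "duplicated"   # set by more than one layer
            else:
                verdicts[check_id] = "covered"      # front end sets it once
    return verdicts

# Constructed sample input (not captured from the real service).
SAMPLE_HEARTBEAT = json.dumps({
    "check_xframe_options_middleware": {
        "status": "warning",
        "level": 30,
        "messages": {"security.W002": "XFrameOptionsMiddleware not enabled"},
    }
})
SAMPLE_HEADERS = [("Content-Type", "application/json"), ("X-Frame-Options", "DENY")]

if __name__ == "__main__":
    print(reconcile(SAMPLE_HEARTBEAT, SAMPLE_HEADERS))
```

A "covered" verdict means the warning is a false positive from Django's point of view; Django's SILENCED_SYSTEM_CHECKS setting is one way to suppress such a check, though the thread does not say how the heartbeat was made healthy again.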
(Assignee)

Comment 6

a year ago
By the way, the heartbeat URL is https://symbols.dev.mozaws.net/__heartbeat__
(Assignee)

Comment 7

a year ago
Heartbeat is healthy now.
Status: REOPENED → RESOLVED
Last Resolved: a year ago
Resolution: --- → FIXED