Closed
Bug 1389194
Opened 8 years ago
Closed 8 years ago
Remove django-csp and extra security header stuff
Categories
(Socorro :: Symbols, task)
Socorro
Symbols
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: peterbe, Assigned: peterbe)
References
Details
With https://bugzilla.mozilla.org/show_bug.cgi?id=1388808 we're making sure we set all the security related headers in Nginx instead of relying on Django.
Then we don't need to do that stuff with Django.
Updated•8 years ago
Assignee: nobody → peterbe
Comment 1•8 years ago
Comment 2•8 years ago
Commit pushed to master at https://github.com/mozilla-services/tecken
https://github.com/mozilla-services/tecken/commit/49fd396a433fa9e44fccfd96d4d0f987d3b57c93
fixes bug 1389194 - Remove django-csp and extra security header stuff (#313)
Updated•8 years ago
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Comment 3•8 years ago
This "broken" __heartbeat__ since you now get a warning::
    "check_xframe_options_middleware": {
        "status": "warning",
        "level": 30,
        "messages": {
            "security.W002": "You do not have 'django.middleware.clickjacking.XFrameOptionsMiddleware' in your MIDDLEWARE_CLASSES, so your pages will not be served with an 'x-frame-options' header. Unless there is a good reason for your site to be served in a frame, you should consider enabling this header to help prevent clickjacking attacks."
        }
    }
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Comment 4•8 years ago
Comment 5•8 years ago
Commit pushed to master at https://github.com/mozilla-services/tecken
https://github.com/mozilla-services/tecken/commit/b6fb0f3e42bbe94db5c72f99ddf93897f7f84bd9
bug 1389194 - silence dockerflow warning about xframe options (#317)
Comment 6•8 years ago
By the way, the heartbeat URL is https://symbols.dev.mozaws.net/__heartbeat__
Comment 7•8 years ago
Heartbeat is healthy now.
Status: REOPENED → RESOLVED
Closed: 8 years ago → 8 years ago
Resolution: --- → FIXED
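Added example (not part of the bug thread or the tecken code): once the Django-side check is silenced, nothing in the application confirms that Nginx really sends the header, so a deploy check can pair the heartbeat detail with the headers of an actual response. SAMPLE_DETAILS, DELEGATED and audit() are hypothetical names, and the sample payload is constructed from the fragment quoted in comment 3.

```python
import json

# Constructed heartbeat detail, same shape as the fragment in comment 3.
SAMPLE_DETAILS = json.loads("""
{
  "check_xframe_options_middleware": {
    "status": "warning",
    "level": 30,
    "messages": {"security.W002": "no XFrameOptionsMiddleware"}
  }
}
""")

# Assumption: each check id tolerated in Django maps to the response header
# the front-end proxy must send instead, with the values accepted for it.
DELEGATED = {"security.W002": ("x-frame-options", {"deny", "sameorigin"})}

WARNING = 30  # the "level" value shown for a warning in comment 3


def audit(details, response_headers, delegated=DELEGATED):
    """Return a list of findings; an empty list means healthy."""
    # Header names are case-insensitive, so normalise before comparing.
    headers = {k.lower(): v.strip().lower() for k, v in response_headers.items()}
    findings = []
    for check, detail in sorted(details.items()):
        if detail.get("level", 0) < WARNING:
            continue
        for msg_id in sorted(detail.get("messages", {})):
            if msg_id not in delegated:
                findings.append(f"{check}: {msg_id} is not delegated to the proxy")
                continue
            name, allowed = delegated[msg_id]
            value = headers.get(name)
            if value is None:
                findings.append(f"{check}: {msg_id} delegated but '{name}' header missing")
            elif value not in allowed:
                findings.append(f"{check}: {msg_id} delegated but '{name}' is '{value}'")
    return findings


if __name__ == "__main__":
    # Constructed response headers: one with the header set, one without.
    print(audit(SAMPLE_DETAILS, {"X-Frame-Options": "DENY"}))
    print(audit(SAMPLE_DETAILS, {"Content-Type": "text/html"}))
```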