Open Bug 1595839 Opened 6 years ago Updated 5 years ago

bugzilla.mozilla.org has failed the web security baseline

Categories

(bugzilla.mozilla.org :: General, defect)

Product:
bugzilla.mozilla.org
Component:
General
Version:
Production
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
UNCONFIRMED

People

(Reporter: security-baseline, Unassigned)

Details

Site https://bugzilla.mozilla.org has failed the web security baseline scan.

The failing tests are:

Cookie No HttpOnly Flag [10010] x 793

Content Security Policy (CSP) Header Not Set [10038] x 529

This issue was automatically raised.

This issue is managed automatically by the baseline scan:

  • If the failing tests change then it will be updated
  • If it is closed before the tests pass then a new one will be opened
  • When all of the tests pass then it will be closed

Full details, including how to test for these issues locally, can be found on this Security Baseline Service dashboard.
If you have any questions or concerns please get in contact with @psiinon

Version: unspecified → Production
The web security baseline scan results for site https://bugzilla.mozilla.org has new failures: Strict-Transport-Security Header Not Set [10035] x 37 * https://bugzilla.mozilla.org/buglist.cgi?keywords=64bit (502 Bad Gateway) * https://bugzilla.mozilla.org/buglist.cgi?keywords=access&resolution=--- (502 Bad Gateway) * https://bugzilla.mozilla.org/buglist.cgi?keywords=access (502 Bad Gateway) * https://bugzilla.mozilla.org/buglist.cgi?keywords=addon-compat (502 Bad Gateway) * https://bugzilla.mozilla.org/buglist.cgi?keywords=arch (502 Bad Gateway)
The following test(s) for site https://bugzilla.mozilla.org have now passed: * Strict-Transport-Security Header Not Set Keep up the good work!
The following test(s) for site https://bugzilla.mozilla.org have now passed: * Cookie No HttpOnly Flag Keep up the good work!
You need to log in before you can comment on or make changes to this bug.