chore: update security for xss and http (#3739)

* chore: remove xss for compliance as it gives false sense of security

* update to replace all http to https for security improvements

* Update build/testing/sauce-labs/test-browsers.js

Co-authored-by: John Kreitlow <863023+radium-v@users.noreply.github.com>

* Update packages/web-components/README.md

Co-authored-by: John Kreitlow <863023+radium-v@users.noreply.github.com>

* Update README.md

Co-authored-by: John Kreitlow <863023+radium-v@users.noreply.github.com>

* Update packages/web-components/fast-components/README.md

Co-authored-by: John Kreitlow <863023+radium-v@users.noreply.github.com>

Co-authored-by: John Kreitlow <863023+radium-v@users.noreply.github.com>

CODE_OF_CONDUCT.md

@@ -40,7 +40,7 @@ Project maintainers who do not follow or enforce the Code of Conduct in good fai
 
 ## Attribution
 
-This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version]
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [https://contributor-covenant.org/version/1/4][version]
 
-[homepage]: http://contributor-covenant.org
-[version]: http://contributor-covenant.org/version/1/4/
+[homepage]: https://contributor-covenant.org
+[version]: https://contributor-covenant.org/version/1/4/

README.md

@@ -5,7 +5,7 @@
 
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
 [![lerna](https://img.shields.io/badge/maintained%20with-lerna-cc00ff.svg)](https://lerna.js.org/)
-[![TypeScript](https://img.shields.io/badge/%3C%2F%3E-TypeScript-%230074c1.svg)](http://www.typescriptlang.org/)
+[![TypeScript](https://img.shields.io/badge/%3C%2F%3E-TypeScript-%230074c1.svg)](https://www.typescriptlang.org/)
 [![code style: prettier](https://img.shields.io/badge/code_style-prettier-f8bc45.svg)](https://github.com/prettier/prettier)
 
 [![Maintainability](https://api.codeclimate.com/v1/badges/8a74621e634a6e9b9561/maintainability)](https://codeclimate.com/github/Microsoft/fast/maintainability)
@@ -40,7 +40,7 @@ For an in-depth explanation of FAST [see our docs introduction](https://www.fast
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
 [![npm version](https://badge.fury.io/js/%40microsoft%2Ffast-element.svg)](https://badge.fury.io/js/%40microsoft%2Ffast-element)
 
-The `@microsoft/fast-element` library is a lightweight means to easily build performant, memory-efficient, standards-compliant Web Components. FAST Elements work in every major browser and can be used in combination with any front-end framework or even without a framework. To get up and running with `@microsoft/fast-element` see [the Getting Started guide](http://fast.design/docs/fast-element/getting-started).
+The `@microsoft/fast-element` library is a lightweight means to easily build performant, memory-efficient, standards-compliant Web Components. FAST Elements work in every major browser and can be used in combination with any front-end framework or even without a framework. To get up and running with `@microsoft/fast-element` see [the Getting Started guide](https://fast.design/docs/fast-element/getting-started).
 
 ### `@microsoft/fast-foundation`
 
@@ -56,7 +56,7 @@ This package does not export Web Components registered as [custom elements](http
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
 [![npm version](https://badge.fury.io/js/%40microsoft%2Ffast-components.svg)](https://badge.fury.io/js/%40microsoft%2Ffast-components)
 
-`@microsoft/fast-components` is a library of Web Components that *composes* the exports of `@microsoft/fast-foundation` with stylesheets aligning to the FAST Frame design system. This composition step registers a custom element. See the [quick start](http://fast.design/components/getting-started) to get started using the components.
+`@microsoft/fast-components` is a library of Web Components that *composes* the exports of `@microsoft/fast-foundation` with stylesheets aligning to the FAST Frame design system. This composition step registers a custom element. See the [quick start](https://fast.design/docs/components/getting-started) to get started using the components.
 
 ### `@fluentui/web-components`
 
@@ -76,13 +76,13 @@ Launch our [Component Explorer](https://explore.fast.design) to experience our [
 We hope you're excited by the possibilities that FAST presents. But, you may be wondering where to start. Here are a few statements that describe various members of our community. We recommend that you pick the statement you most identify with and follow the links where they lead. You can always come back and explore another topic at any time.
 
 * "I just want ready-made components!"
-  * [Jump to the component docs.](http://fast.design/docs/components/getting-started)
+  * [Jump to the component docs.](https://fast.design/docs/components/getting-started)
 * "I want to build my own design system."
-  * [Jump to the design system docs.](http://fast.design/docs/design/introduction)
+  * [Jump to the design system docs.](https://fast.design/docs/design/introduction)
 * "I want to build my own components."
-  * [Jump to the fast-element docs.](http://fast.design/docs/fast-element/getting-started)
+  * [Jump to the fast-element docs.](https://fast.design/docs/fast-element/getting-started)
 * "I need to integrate FAST with another framework or build system."
-  * [Jump to the integration docs.](http://fast.design/docs/integrations/introduction)
+  * [Jump to the integration docs.](https://fast.design/docs/integrations/introduction)
 
 ## Joining the Community
 

build/testing/sauce-labs/test-browsers.js

@@ -48,7 +48,7 @@ const accessKey = process.env.SAUCE_LABS_KEY;
 const domain = "https://explore.fast.design";
 
 // Configure to connect to remote hub
-const remoteHub = `http://${username}:${accessKey}@ondemand.saucelabs.com:80/wd/hub`;
+const remoteHub = `https://${username}:${accessKey}@ondemand.saucelabs.com:443/wd/hub`;
 
 /**
  * Get configuration based on the accepted Phase argument

packages/web-components/README.md

@@ -7,7 +7,7 @@ Our web component packages.
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
 [![npm version](https://badge.fury.io/js/%40microsoft%2Ffast-element.svg)](https://badge.fury.io/js/%40microsoft%2Ffast-element)
 
-The `fast-element` library is a lightweight means to easily building performant, memory-efficient, standards-compliant Web Components. FAST Elements work in every major browser and can be used in combination with any front-end framework or even without a framework. To get up and running with `fast-element` see [the Getting Started guide](http://fast.design/docs/fast-element/getting-started).
+The `fast-element` library is a lightweight means to easily building performant, memory-efficient, standards-compliant Web Components. FAST Elements work in every major browser and can be used in combination with any front-end framework or even without a framework. To get up and running with `fast-element` see [the Getting Started guide](https://fast.design/docs/fast-element/getting-started).
 
 ## fast-foundation
 
@@ -23,11 +23,11 @@ This package does not export Web Components registered as [custom elements](http
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
 [![npm version](https://badge.fury.io/js/%40microsoft%2Ffast-components.svg)](https://badge.fury.io/js/%40microsoft%2Ffast-components)
 
-`fast-components` is a library of Web Components that *composes* the exports of `fast-foundation` with stylesheets aligning to the FAST design language. This composition step registers a custom element. See the [quick start](http://fast.design/components/getting-started) to get started using the components.
+`fast-components` is a library of Web Components that *composes* the exports of `fast-foundation` with stylesheets aligning to the FAST design language. This composition step registers a custom element. See the [quick start](https://fast.design/docs/components/getting-started) to get started using the components.
 
 ## fast-components-msft
 **This package has been moved to [FluentUI](https://github.com/microsoft/fluentui/) and has been renamed to `@fluentui/web-components`**
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
 [![npm version](https://badge.fury.io/js/%40microsoft%2Ffast-components-msft.svg)](https://badge.fury.io/js/%40microsoft%2Ffast-components-msft)
 
-`@fluentui/web-components` is a library of Web Components that *composes* `fast-foundation`. `@fluentui/web-components` uses the same custom element names as `fast-components`, but makes use of different stylesheets and may include components that specifically support Microsoft's Fluent design language.
+`@fluentui/web-components` is a library of Web Components that *composes* `fast-foundation`. `@fluentui/web-components` uses the same custom element names as `fast-components`, but makes use of different stylesheets and may include components that specifically support Microsoft's Fluent design language.

packages/web-components/fast-components/README.md

@@ -3,7 +3,7 @@
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
 [![npm version](https://badge.fury.io/js/%40microsoft%2Ffast-components.svg)](https://badge.fury.io/js/%40microsoft%2Ffast-components)
 
-`fast-components` is a library of Web Components that *composes* the exports of `fast-foundation` with stylesheets aligning to the FAST design language. This composition step registers a custom element. See the [quick start](http://fast.design/components/getting-started) to get started using the components.
+`fast-components` is a library of Web Components that *composes* the exports of `fast-foundation` with stylesheets aligning to the FAST design language. This composition step registers a custom element. See the [quick start](https://fast.design/docs/components/getting-started) to get started using the components.
 
 ## Installation
 
@@ -25,7 +25,7 @@ Within your JavaScript or TypeScript code, you can then import library APIs like
 import { FASTAnchor } from '@microsoft/fast-components';
 ```
 
-Looking for a setup that integrates with a particular front-end framework or bundler? Check out [our integration docs](http://fast.design/docs/integrations/introduction).
+Looking for a setup that integrates with a particular front-end framework or bundler? Check out [our integration docs](https://fast.design/docs/integrations/introduction).
 
 ### From CDN
 

packages/web-components/fast-element/README.md

@@ -26,7 +26,7 @@ import { FASTElement } from '@microsoft/fast-element';
 ```
 
 :::tip
-Looking for a setup that integrates with a particular front-end framework or bundler? Check out [our integration docs](http://fast.design/docs/integrations/introduction).
+Looking for a setup that integrates with a particular front-end framework or bundler? Check out [our integration docs](https://fast.design/docs/integrations/introduction).
 :::
 
 ### From CDN

packages/web-components/fast-foundation/README.md

@@ -27,7 +27,7 @@ Within your JavaScript or TypeScript code, you can then import library APIs like
 import { Anchor } from '@microsoft/fast-foundation';
 ```
 
-Looking for a setup that integrates with a particular front-end framework or bundler? Check out [our integration docs](http://fast.design/docs/integrations/introduction).
+Looking for a setup that integrates with a particular front-end framework or bundler? Check out [our integration docs](https://fast.design/docs/integrations/introduction).
 
 ### From CDN
 

sites/fast-website/src/public/index.ejs

@@ -140,7 +140,7 @@
                             <fast-anchor
                                 slot="action"
                                 appearance="accent"
-                                href="http://github.com/microsoft/fast"
+                                href="https://github.com/microsoft/fast"
                             >
                                 View GitHub
                             </fast-anchor>

sites/site-utilities/statics/server/server.js

@@ -6,8 +6,6 @@ var path = require("path");
 // Create application
 var app = express();
 
-// Security enhancements provided by https://github.com/helmetjs/helmet
-// contentSecurityPolicy() omitted because it breaks modern implementation methods
 app.use(helmet.dnsPrefetchControl());
 app.use(helmet.expectCt());
 app.use(helmet.frameguard());
@@ -17,7 +15,6 @@ app.use(helmet.ieNoOpen());
 app.use(helmet.noSniff());
 app.use(helmet.permittedCrossDomainPolicies());
 app.use(helmet.referrerPolicy());
-app.use(helmet.xssFilter());
 
 // Set public directory
 var publicDir = path.resolve(__dirname);

sites/website/src/docs/community/writing-documentation.md

@@ -261,4 +261,4 @@ Code comments in **fragment** format:
 
 [GaOSG]: https://www.theguardian.com/guardian-observer-style-guide-a
 
-[TBNS]: http://www2.media.uoa.gr/lectures/linguistic_archives/academic_papers0506/notes/stylesheets_3.pdf
+[TBNS]: https://www2.media.uoa.gr/lectures/linguistic_archives/academic_papers0506/notes/stylesheets_3.pdf