Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: update security for xss and http #3739

Merged
merged 6 commits into from
Aug 20, 2020
Merged

chore: update security for xss and http #3739

merged 6 commits into from
Aug 20, 2020

Conversation

awentzel
Copy link
Collaborator

Description

X-XSS-Protection to be removed as it provides a false sense of security and WebScout requires it to be removed. Additionally, http references were found inside code. We should never link to HTTP. Always, reference the HTTPS.

Motivation & context

WebScout discovered another batch of updates to make.

Issue type checklist

  • Chore: A change that does not impact distributed packages.
  • Bug fix: A change that fixes an issue, link to the issue above.
  • New feature: A change that adds functionality.

Is this a breaking change?

  • This change causes current functionality to break.

Adding or modifying component(s) in @microsoft/fast-components checklist

Process & policy checklist

  • I have added tests for my changes.
  • I have tested my changes.
  • I have updated the project documentation to reflect my changes.
  • I have read the CONTRIBUTING documentation and followed the standards for this project.

@awentzel awentzel added area:dev-ops Pertains to build, CI, and other dev-ops work area:cloud area:site Pertains to work on the web site. compliance:security Security-related work. labels Aug 18, 2020
@awentzel awentzel added this to the Release 08 milestone Aug 18, 2020
@awentzel awentzel self-assigned this Aug 18, 2020
radium-v
radium-v requested changes Aug 19, 2020
View reviewed changes
janechu
janechu previously approved these changes Aug 19, 2020
View reviewed changes
@janechu janechu dismissed their stale review August 19, 2020 19:33

Saw some needed changes suggested by @radium-v

EisenbergEffect
EisenbergEffect approved these changes Aug 20, 2020
View reviewed changes
Copy link
Contributor

@EisenbergEffect EisenbergEffect left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pending the additional changes that @radium-v found.

@awentzel awentzel force-pushed the users/awentzel/update-xss branch from c6eaa6a to 4108abf Compare August 20, 2020 17:18
awentzel and others added 4 commits August 20, 2020 10:40
@awentzel @radium-v
Update build/testing/sauce-labs/test-browsers.js
f5d46e4 
Co-authored-by: John Kreitlow <863023+radium-v@users.noreply.github.com>
@awentzel @radium-v
Update packages/web-components/README.md
1602413 
Co-authored-by: John Kreitlow <863023+radium-v@users.noreply.github.com>
@awentzel @radium-v
Update README.md
70f4759 
Co-authored-by: John Kreitlow <863023+radium-v@users.noreply.github.com>
@awentzel @radium-v
Update packages/web-components/fast-components/README.md
c1c882b 
Co-authored-by: John Kreitlow <863023+radium-v@users.noreply.github.com>
@awentzel awentzel merged commit 920bade into master Aug 20, 2020
@awentzel awentzel deleted the users/awentzel/update-xss branch August 20, 2020 17:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@EisenbergEffect EisenbergEffect EisenbergEffect approved these changes

@radium-v radium-v radium-v approved these changes

@nicholasrice nicholasrice nicholasrice approved these changes

@chrisdholt chrisdholt chrisdholt approved these changes

@janechu janechu janechu left review comments

@Falkicon Falkicon Awaiting requested review from Falkicon

Assignees

@awentzel awentzel

Labels
area:dev-ops Pertains to build, CI, and other dev-ops work area:site Pertains to work on the web site. compliance:security Security-related work.
Projects
None yet
Milestone
Release 08
Development

Successfully merging this pull request may close these issues.
6 participants
@awentzel @EisenbergEffect @radium-v @nicholasrice @janechu @chrisdholt