Differential D15102

[Cashtab] Add useful security headers
ClosedPublic
Actions

Authored by bytesofman on Jan 5 2024, 19:34.

Details

Reviewers

Fabien

Group Reviewers

Restricted Project

Commits

rABC02f1113e6304: [Cashtab] Add useful security headers

Summary

T3395

Cashtab would benefit from some more strict security headers.

Strict-Transport-Security - allows only https
X-Frame-Options "DENY" -- prevent cashtab appearing in a frame, prevent clickjacking attacks
X-Content-Type-Options -- ref https://scotthelme.co.uk/hardening-your-http-response-headers/#x-content-type-options
Referrer-Policy -- only showthe origin, for example we don't want to pass URL referrer info if it had tx params
Permissions-Policy -- do not allow camera use from another site

Also will add a CSP header, but this one is more complicated and risks breaking things -- so should be handled separately

Test Plan

cd web/cashtab
docker build -t cashtab_local .
docker run --rm -p 8080:80 --name cashtab cashtab_local

In another terminal,

curl -I http://localhost:8080

Confirm output includes added headers

Diff Detail

Repository

rABC Bitcoin ABC

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

bytesofman created this revision.Jan 5 2024, 19:34

Herald added a reviewer: Restricted Project. · View Herald TranscriptJan 5 2024, 19:34

Harbormaster completed remote builds in B26188: Diff 43951.Jan 5 2024, 19:38

bytesofman edited the summary of this revision. (Show Details)Jan 5 2024, 19:45

remove whitespace

add newline

bytesofman published this revision for review.Jan 5 2024, 19:46

Harbormaster completed remote builds in B26189: Diff 43952.Jan 5 2024, 19:48

Harbormaster completed remote builds in B26190: Diff 43953.

Fabien accepted this revision.Jan 5 2024, 20:02

This revision is now accepted and ready to land.Jan 5 2024, 20:02

Closed by commit rABC02f1113e6304: [Cashtab] Add useful security headers (authored by bytesofman). · Explain WhyJan 5 2024, 21:17

This revision was automatically updated to reflect the committed changes.

bytesofman added a commit: rABC02f1113e6304: [Cashtab] Add useful security headers.

Revision Contents
Changeset List

Path

Size

cashtab/

nginx.conf

7 lines

Diff 43955

View Options

[Cashtab] Add useful security headersClosedPublicActions