Project

General

Profile

Actions

Config #7786

open

Multiple issues with web configuration

Added by Rajmund Hruška 3 months ago. Updated 2 months ago.

Status:
In Progress
Priority:
Normal
Category:
-
Target version:
Start date:
09/18/2024
Due date:
% Done:

0%

Estimated time:
To be discussed:
No

Description

  • HTTP Strict Transport Security (HSTS) Policy Not Enabled
  • Cookies with missing, inconsistent or contradictory properties
    > Cookie without SameSite attribute
  • Content Security Policy (CSP) Not Implemented
  • Error page web server version disclosure
  • Permissions-Policy header not implemented

Related issues

Related to Mentat - Bug #7575: Missing or Permissive Content-Security-Policy frame-ancestors HTTP Response HeaderClosedRajmund Hruška03/23/2022

Actions
Related to Mentat - Bug #7573: Cookies in default configuration are not marked SecureClosedRajmund Hruška03/22/2022

Actions
Actions #1

Updated by Rajmund Hruška 3 months ago

  • Related to Bug #7575: Missing or Permissive Content-Security-Policy frame-ancestors HTTP Response Header added
Actions #2

Updated by Rajmund Hruška 3 months ago

  • Status changed from New to In Progress
  • Assignee set to Rajmund Hruška
Actions #3

Updated by Rajmund Hruška 3 months ago

  • Related to Bug #7573: Cookies in default configuration are not marked Secure added
Actions #4

Updated by Rajmund Hruška 2 months ago

On the last meeting I mentioned that rewrite is not working properly. That is not the case. The rules do what they are meant to be doing:

    RewriteEngine on
    # Rewrite the path when accessed without a trailing slash.
    RewriteRule ^/mentat$ /mentat/ [R]
    # Rewrite webserver root to mentat application.
    RewriteRule ^/$ /mentat/ [R]
Actions

Also available in: Atom PDF