Config #7786
open
Multiple issues with web configuration
Added by Rajmund Hruška 3 months ago.
Updated 2 months ago.
Description
- HTTP Strict Transport Security (HSTS) Policy Not Enabled
- Cookies with missing, inconsistent or contradictory properties
  - Cookie without SameSite attribute
- Content Security Policy (CSP) Not Implemented
- Error page web server version disclosure
- Permissions-Policy header not implemented
- Related to Bug #7575: Missing or Permissive Content-Security-Policy frame-ancestors HTTP Response Header added
- Status changed from New to In Progress
- Assignee set to Rajmund Hruška
- Related to Bug #7573: Cookies in default configuration are not marked Secure added
At the last meeting I mentioned that the rewrite is not working properly. That is not the case. The rules do what they are meant to do:
RewriteEngine on
# Rewrite the path when accessed without a trailing slash.
RewriteRule ^/mentat$ /mentat/ [R]
# Rewrite webserver root to mentat application.
RewriteRule ^/$ /mentat/ [R]
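
One way to confirm that each finding in the description is closed once the web server configuration changes, as an added example that is not part of the ticket or of the mentat application's code: it audits one raw HTTP response for the five listed findings. The sample responses, cookie name, header values and finding labels are constructed for illustration, and treating `SameSite=None` without `Secure` as a contradictory cookie is an assumption about what that finding covers.

```python
import re

VERSION_RE = re.compile(r"\b(?:Apache|nginx)/\d+(?:\.\d+)*", re.I)

def audit(raw):
    """Return the ticket's findings that still apply to one raw HTTP response."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    headers = {}
    for line in head.split("\n")[1:]:              # skip the status line
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    findings = []
    hsts = " ".join(headers.get("strict-transport-security", []))
    max_age = re.search(r"max-age\s*=\s*(\d+)", hsts, re.I)
    if not max_age or int(max_age.group(1)) == 0:  # max-age=0 disables HSTS
        findings.append("hsts-not-enabled")
    for cookie in headers.get("set-cookie", []):
        name = cookie.split("=", 1)[0]
        # Attribute name -> value, lower-cased; flag attributes map to "".
        attrs = dict(p.strip().lower().partition("=")[::2] for p in cookie.split(";")[1:])
        if "samesite" not in attrs:
            findings.append("cookie-without-samesite:" + name)
        elif attrs["samesite"] == "none" and "secure" not in attrs:
            findings.append("cookie-samesite-none-without-secure:" + name)
    for header, finding in (("content-security-policy", "csp-not-implemented"),
                            ("permissions-policy", "permissions-policy-not-implemented")):
        if header not in headers:
            findings.append(finding)
    # The version banner can leak through the Server header or the error page body.
    if VERSION_RE.search(" ".join(headers.get("server", []) + [body])):
        findings.append("server-version-disclosure")
    return findings

# Constructed sample responses, not captured from any real host.
BEFORE = ("HTTP/1.1 404 Not Found\r\nServer: Apache/2.4.57 (Debian)\r\n"
          "Set-Cookie: session=abc123; HttpOnly; Path=/mentat/\r\n\r\n"
          "<address>Apache/2.4.57 (Debian) Server at example.org</address>")
AFTER = ("HTTP/1.1 404 Not Found\r\nServer: Apache\r\n"
         "Strict-Transport-Security: max-age=31536000\r\n"
         "Content-Security-Policy: default-src 'self'; frame-ancestors 'none'\r\n"
         "Permissions-Policy: geolocation=()\r\n"
         "Set-Cookie: session=abc123; Secure; HttpOnly; SameSite=Lax\r\n\r\n"
         "<p>Not Found</p>")

if __name__ == "__main__":
    print("before:", audit(BEFORE))
    print("after: ", audit(AFTER))
```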