Problem/Motivation

I'd like to implement the security headers best practices in Rocketship

https://www.keycdn.com/blog/http-security-headers

- CSP
- Permissions-Policy

Proposed resolution

- Update seckit settings
- Add CSP module for better CSP header support

Issue fork dropsolid_rocketship_profile-3340530

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

ducktape created an issue. See original summary.

ducktape opened merge request !12

ducktape’s picture

ducktape commented
Status: Active » Needs review

- Added CSP module
- Added patch for Permissions Policy to seckit
- Updated seckit config for PP & CSP

ducktape’s picture

ducktape commented

Cleaned up the config

nginex’s picture

nginex commented
Version: 6.0.x-dev » 6.1.x-dev

webfordreams made their first commit to this issue’s fork.

msteurs’s picture

msteurs commented
Status: Needs review » Postponed
msteurs’s picture

msteurs commented
Status: Postponed » Fixed
msteurs’s picture

msteurs commented
Status: Fixed » Closed (fixed)