Skip to content
Snippets Groups Projects
Select Git revision
  • master default
1 result
Blame Permalink
  • nimrod's avatar
    00b764d8
    Improve security by restricting the usage of the response. · 00b764d8
    nimrod authored 
    The service replies with the message in the request. This can be used as
an attack vector as the reply is determined by the request and is coming
from a shore.co.il domain. So the following precautions are taken:

- Limit the request length to limit the usefulness of the response.
- Set the response MIME type to plain text and set the
  `X-Content-Type-Options` header to `nosniff` so the browser won't
  guess the content type.
- Set the `X-Frame-Options` header to `DENY` so it won't be used as an
  iframe.
- Set CORS headers.
    00b764d8
    History
    Improve security by restricting the usage of the response.
    nimrod authored 
    The service replies with the message in the request. This can be used as
an attack vector as the reply is determined by the request and is coming
from a shore.co.il domain. So the following precautions are taken:

- Limit the request length to limit the usefulness of the response.
- Set the response MIME type to plain text and set the
  `X-Content-Type-Options` header to `nosniff` so the browser won't
  guess the content type.
- Set the `X-Frame-Options` header to `DENY` so it won't be used as an
  iframe.
- Set CORS headers.
app.py 2.53 KiB