Commit d9356ab8 authored by nimrod

Improve security by restricting the usage of the response.

The service replies with the message in the request. This can be used as
an attack vector as the reply is determined by the request and is coming
from a shore.co.il domain. So the following precautions are taken:

- Limit the request length to limit the usefulness of the response.
- Set the response MIME type to plain text and set the
  `X-Content-Type-Options` header to `nosniff` so the browser won't
  guess the content type.
- Set CORS headers.
parent 20838065
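
The three precautions listed in the commit message, sketched as an added example; this is not the code from this commit or from the project. The `message` query parameter, the 64-byte limit, the allowed origin and the choice of CORS headers are all assumptions, since the commit message does not state them.

```python
from urllib.parse import parse_qs
from wsgiref.simple_server import make_server

MAX_MESSAGE_BYTES = 64  # assumed limit; the commit message gives no number
ALLOWED_ORIGIN = "https://app.example.test"  # constructed placeholder origin

# Sent on every response, errors included, so no reply is ever sniffed as HTML.
BASE_HEADERS = [
    ("Content-Type", "text/plain; charset=utf-8"),
    ("X-Content-Type-Options", "nosniff"),
    ("Access-Control-Allow-Origin", ALLOWED_ORIGIN),
    ("Access-Control-Allow-Methods", "GET"),
]


def handle(query_string):
    """Return (status, headers, body) for an echo request such as ?message=hi."""
    # Cap the raw query first (a byte can be percent-encoded as three
    # characters) so oversized input is rejected before it is parsed.
    if len(query_string) > MAX_MESSAGE_BYTES * 3 + len("message="):
        return "400 Bad Request", BASE_HEADERS, b"request too long\n"
    message = parse_qs(query_string).get("message", [""])[0]
    body = message.encode("utf-8")
    if len(body) > MAX_MESSAGE_BYTES:
        # The error text is fixed and never reflects the request.
        return "400 Bad Request", BASE_HEADERS, b"message too long\n"
    return "200 OK", BASE_HEADERS, body + b"\n"


def app(environ, start_response):
    """WSGI entry point wrapping handle()."""
    status, headers, body = handle(environ.get("QUERY_STRING", ""))
    start_response(status, headers + [("Content-Length", str(len(body)))])
    return [body]


if __name__ == "__main__":
    make_server("127.0.0.1", 8000, app).serve_forever()
```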