Pen Test Security fixes #973

Merged
merged 10 commits into from
Sep 23, 2021

@laurenzhonauer laurenzhonauer commented Sep 2, 2021

Checklist

  • I have followed (at least) the PR section of the contributing guide.
  • I fixed all necessary PR warnings
  • The commit history is clean
  • The E2E tests are passing
  • If possible, the issue has been divided into more subtasks
  • I did a self review before requesting a review from another team member

Description

Closes #967

@laurenzhonauer laurenzhonauer self-assigned this Sep 2, 2021
@laurenzhonauer laurenzhonauer marked this pull request as draft September 2, 2021 14:31

openkfwCI commented Sep 2, 2021

Notes | Time
Note for Reviewer: E2E tests on remote server started | Thu, 23 Sep 2021 14:46:31 +0000

Generated by E2E-Test


github-actions bot commented Sep 9, 2021

Warnings
⚠️ It looks like an ID was added. Please make sure it is not a secret.
⚠️ There were changes in the frontend, but no E2E-test was added or modified!
⚠️ No CHANGELOG added.

Generated by 🚫 dangerJS against d81d1b2

@laurenzhonauer laurenzhonauer changed the title from "mail: install node modules & create types file" to "Pen Test Security fixes" Sep 9, 2021
@laurenzhonauer laurenzhonauer force-pushed the 967-security-improvements branch 10 times, most recently from 6abad19 to 425ba23 Compare September 15, 2021 07:57
@laurenzhonauer laurenzhonauer force-pushed the 967-security-improvements branch 8 times, most recently from 34ad4b6 to 6ae7c73 Compare September 21, 2021 15:37
@laurenzhonauer laurenzhonauer marked this pull request as ready for review September 21, 2021 15:37
api/src/lib/joiValidation.spec.ts (outdated, resolved)
api/src/lib/joiValidation.spec.ts (outdated, resolved)
api/README.md (outdated, resolved)
docs/operation-administration/introduction.md (outdated, resolved)
@laurenzhonauer laurenzhonauer force-pushed the 967-security-improvements branch 3 times, most recently from 0a97cee to cdcab5b Compare September 22, 2021 13:32
@laurenzhonauer laurenzhonauer force-pushed the 967-security-improvements branch 2 times, most recently from 132358c to 4034236 Compare September 23, 2021 09:06
laurenzhonauer and others added 10 commits September 23, 2021 15:22
- enforce stricter validation on inputs
- send content policy security header
- send access-control header
- use NODE_ENV var to control check on passwords
- add NODE_ENV to api
- add INLINE_RUNTIME_CHUNK to frontend
- use express to serve api
- refactor readiness endpoint
- add security headers
- add postman exports
- set INLINE_RUNTIME_CHUNK to enable CSP
- NODE_ENV for prod vs dev
- ACCESS_CONTROL_ALLOW_ORIGIN for cors headers
@Stezido Stezido merged commit bdb6dbd into master Sep 23, 2021
@Stezido Stezido deleted the 967-security-improvements branch September 23, 2021 14:50
Successfully merging this pull request may close these issues.

Security Improvements (SP 8)
4 participants