Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Do we need to block any response headers? #9

Open
technosophos opened this issue Oct 22, 2020 · 2 comments
Open

Do we need to block any response headers? #9

technosophos opened this issue Oct 22, 2020 · 2 comments

Comments

@technosophos
Copy link
Contributor

Right now, we pass any extraneous HTTP headers set by the module. Are there headers that we should block for security or performance reasons?
@NickLarsenNZ
Copy link

If there are such headers, would it be more appropriate to just log it?

@technosophos
Copy link
Contributor Author

The spec left open the possibility that we could actually block a header if it was a security or performance problem. But so far I haven't found any. So, yeah, we could just log any mystery headers until we find one that is actually a Bad Thing.

@radu-matei radu-matei mentioned this issue Mar 28, 2022
Closed
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@technosophos @NickLarsenNZ