You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We can ensure more security by updating the Content Security Policy header (which is currently only frame-ancestors 'none'). This ensures scripts, http, styles, fonts, and other data are only loaded from trusted sources. A good resource can be found here. The work here is to figure out exactly which sources we currently load things from, such as firebase and the google apis, and whitelist them in the CSP. A missing whitelist could break the functionality of the site. This header (and other extra HTTP headers) are configured via an AWS Lambda@Edge function which can be edited from the Covid Watch AWS.
The text was updated successfully, but these errors were encountered:
We can ensure more security by updating the Content Security Policy header (which is currently only
frame-ancestors 'none'
). This ensures scripts, http, styles, fonts, and other data are only loaded from trusted sources. A good resource can be found here. The work here is to figure out exactly which sources we currently load things from, such as firebase and the google apis, and whitelist them in the CSP. A missing whitelist could break the functionality of the site. This header (and other extra HTTP headers) are configured via an AWS Lambda@Edge function which can be edited from the Covid Watch AWS.The text was updated successfully, but these errors were encountered: