Skip to content

chore: add more security-sensitive headers #44

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

chore: add more security-sensitive headers #44

wants to merge 2 commits into from

Conversation

@MegaManSec
Copy link

@MegaManSec MegaManSec commented Apr 28, 2025

Lots of new security headers have become standard since the original list.

This PR also adds more caching headers:

pragma
expires

and also

content-disposition

which can turn a file download into an XSS vulnerability.

@sonarqubecloud
Copy link

sonarqubecloud bot commented May 10, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@dvershinin dvershinin requested a review from Copilot September 30, 2025 14:42
Copilot AI reviewed Sep 30, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR enhances security by expanding the list of security-sensitive headers that are monitored for redefinition. The changes add modern security headers and caching-related headers that have become standard practice since the original implementation.

  • Adds 8 new security headers including Content Security Policy variants and modern browser security controls
  • Includes caching headers (pragma, expires) that can impact security
  • Adds content-disposition header which can prevent XSS vulnerabilities in file downloads

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@MegaManSec