Add policy to header for react application - reactjs

Hi, we have a React application and we received a mail saying our application is missing a few policies in the header.
The list they provided is as follows:
1. Strict transport security
2. Content security policy
3. X frame options
4. Referrer policy
5. Permission policy
6. X content type options
I'm unable to find solutions on how to add these policies. I saw a few links, but they give information on what the policies are, not how to add them.
My application is hosted in AWS using a load balancer; we are not using nginx, and the back end is Java.
Any help would be appreciated.
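Since there is no nginx in front of the Java backend, the simplest place to emit these six headers is a servlet filter in the backend itself. The filter below is an added example, not code from the question or from any answer; it assumes a Jakarta Servlet 5+ container and that the backend serves the React build (or at least every response the scanner looked at). The header values are conservative starting points, and the CSP in particular will need tuning for the app's real script, style and API origins.

```java
import java.io.IOException;
import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.annotation.WebFilter;
import jakarta.servlet.http.HttpServletResponse;

// Added example (hypothetical class name): sets the six security headers
// from the question on every response. On a pre-Jakarta container (Servlet 4
// and older) replace the jakarta.servlet imports with javax.servlet.
@WebFilter("/*")
public class SecurityHeadersFilter implements Filter {

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (res instanceof HttpServletResponse) {
            HttpServletResponse resp = (HttpServletResponse) res;
            // Headers must be set before the response is committed, i.e. before
            // the downstream servlet writes the body, so they go in first.

            // HSTS: browsers only honour it over HTTPS, so it is effective only
            // when the load balancer terminates TLS and forwards the request.
            resp.setHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains");
            // Starter CSP for a bundled React build: same-origin scripts/styles only,
            // no plugins, no framing. Add the API host, fonts or 'unsafe-inline'
            // for CSS-in-JS libraries only after checking the browser console.
            resp.setHeader("Content-Security-Policy",
                    "default-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'");
            // Legacy counterpart of frame-ancestors for older browsers.
            resp.setHeader("X-Frame-Options", "DENY");
            resp.setHeader("Referrer-Policy", "strict-origin-when-cross-origin");
            // Deny powerful browser features the app does not use.
            resp.setHeader("Permissions-Policy", "camera=(), microphone=(), geolocation=()");
            // Stop browsers from MIME-sniffing responses into scripts.
            resp.setHeader("X-Content-Type-Options", "nosniff");
        }
        chain.doFilter(req, res);
    }
}
```

If the React static files are served from S3 or CloudFront rather than from the Java backend, this filter only covers the backend's responses and the same headers have to be added where index.html is served. After deploying, confirm with `curl -sI https://your-host/` that all six headers appear on the document response.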

Related

Problem with Firebase API Restriction settings

I have a problem with the Firebase API Restriction settings.
I want to add HTTP restrictions to secure the data, but when I add restrictions it does not work. What am I doing wrong here?
■ Website deployed with GitHub Pages (e.g. https://username.github.io/project-name/). It is a React app deployed following this description: https://github.com/gitname/react-gh-pages
■ I am using Firebase Authentication: https://firebase.google.com/docs/reference/rest/auth#section-create-email-password
■ To secure the API key (although I know the Firebase API key is no problem, just in case), I wanted to set the following in Google Cloud ⇒ API & Services ⇒ Credentials:
1. application restrictions: HTTP referrers
2. website restrictions: https://username.github.io/project-name/* (used /* since there are many paths in the website)
(When I leave no. 2 empty and accept all websites, it works, so probably this setting is wrong...)

How to bypass Browser add-ons from Blocking Azure Application Insight Logs

I'm using the Application Insights JS SDK React Plugin to log Application Insights data to Azure. This data publishing can get blocked by some browser extensions such as ad blockers, Privacy Badger, etc. In my case analytics got blocked by Privacy Badger while experimenting.
I know it can be prevented by disabling the relevant add-ons for the particular site in the browser. I'm just wondering whether there is a way to prevent this from the implementation side without asking users to disable their add-ons.
Have you considered building a proxy to forward traffic to your own domain before passing it on to App Insights?
https://github.com/shaneochotny/ApplicationInsights-JS-Proxy
Shows how to proxy requests from the Application Insights JavaScript SDK instead of sending telemetry directly to dc.services.visualstudio.com. This allows you to do things such as use your own custom domain and/or hide the Instrumentation Key.
There are step-by-step instructions in that link for configuring this.

Configuring / Implementing Apache on cPanel

I'll start by saying I am completely new to Apache.
I'm trying to make my way through this particular tutorial about enabling rich social sharing in an Angular.js app: http://www.michaelbromley.co.uk/blog/171/enable-rich-social-sharing-in-your-angularjs-app#_section-set-up-the-server-side-script
The author mentions three specific Apache modules that need to be enabled: mod_rewrite, mod_proxy and mod_proxy_
My question is - are these modules enabled by default on cPanel? Is there somewhere I can see them in the user interface? How do I know they can be accessed for the particular domain I'm working on?

Adding custom domain to google app engine

I am a newbie to Google Compute Engine. I looked at various tutorials and could add a custom domain to App Engine. I added a subdomain as advised in the tutorial: http://demo.appostrophi.com/. I want my URL to be www.appostrophi.com/ but it's showing a blank screen. What could I have possibly done wrong?
I have added the resource names as suggested by Google with my domain registrar.
Please advise.
Thanks in advance.
Your DNS registration appears incorrect (or didn't yet have time to propagate properly):
Firefox can’t find the server at www.appostrophi.com.
and
Firefox can’t find the server at appostrophi.com.
The document you mentioned is not the proper procedure to register a domain and/or a subdomain to a GAE app. See Adding a custom domain for your application.

SP implementation using Spring SAML extension with Google App Engine in Java

I am trying to make an SP hosted on Google App Engine, with a third-party IdP, and I'm facing multiple problems.
I'm using the Spring SAML extension for Java. I was able to run the stand-alone (not in GAE) demo app from the official guide http://docs.spring.io/spring-security-saml/docs/1.0.x/reference/html/chapter-quick-start.html using idp.ssocircle.com as IdP.
Now my problem comes when I try to integrate this code in my GAE project. When running with GAE I can get to the phase where I'm redirected to log in on ssocircle.com, and from there, when I should be redirected back to my page, I'm getting this error: "Error 401 Authentication Failed: Error decoding incoming SAML message", and in the local GAE server logs I can see this message:
"[INFO] Dec 17, 2014 5:21:23 PM org.apache.commons.httpclient.HttpMethodDirector executeWithRetry [INFO] INFO: I/O exception (java.net.SocketException) caught when processing request: Permission denied: Not allowed to issue a socket bind: permission denied."
I was wondering if this is a limitation of GAE regarding sockets: 1) Sockets are available only for paid apps (I don't have a paid app, but could consider this option). 2) You cannot create a listen socket; you can only create outbound sockets. 3) You cannot bind to specific IP addresses or ports (for me this one sounds like it is my problem).
And when I tried to deploy on GAE, the app remained in a start-up loop because of other errors regarding "nested exception is java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "modifyThreadGroup")", which sounds like another GAE limitation to me.
At some point I was ready to give up, because I was thinking that the Spring SAML extension can't work with GAE because of limitations present on GAE. But I see you have the same project running as a demo on GAE (or at least I think it is running on GAE because of the appspot part in the domain name): https://saml-federation.appspot.com/saml/discovery?returnIDParam=idp&entityID=saml-federation.appspot.com
I would appreciate it if you could give me some hints regarding my problems, and best would be if you could help me with the source code of this demo project (I could not find it anywhere) and all configuration that is needed for GAE.
I've created a new repository https://github.com/vschafer/spring-security-saml-gae which includes instructions for deployment of Spring SAML applications on Google Application Engine. It also includes classes helping to avoid issues you're facing (sockets and threads).
In order to use it:
1. include the jar created from the repo in your project
2. use the provided org.springframework...StaticFilesystemMetadataProvider for loading of your metadata
3. in case you are using HTTP-Artifact binding, replace bean org.springframework...ArtifactResolutionProfileImpl with org.springframework...google.ArtifactResolutionProfileGAE
Please comment if you spot some mistakes in the documentation or code.