[Tiki-devel] Location of HTTP Security Headers Settings in Admin

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

[Tiki-devel] Location of HTTP Security Headers Settings in Admin

Ricardo Melo
Hi Devs,

over the last couple of months, multiple settings for HTTP security headers have been added to Tiki.

All this settings have been added to:

Admin -> Security -> Site Access
(tiki-admin.php?page=security#content_admin1-4 )

The question is: Should this setting be moved to another place? And if yes, what is the best place.

The current list of HTTP security header managed there are:

HTTP header x-frame options  
HTTP header x-xss-protection  
HTTP header x-content-type-options  
HTTP header content-security-policy  
HTTP header strict-transport-security  
HTTP header public-key-pins

Please share your opinion/view regarding if thus settings should moved to another place, and in that case, what is the best place.

Thank you
Ricardo

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
TikiWiki-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/tikiwiki-devel
Reply | Threaded
Open this post in threaded view
|

Re: [Tiki-devel] Location of HTTP Security Headers Settings in Admin

Bernard Sfez-3
Hi Ricardo,

I didn’t knew they were that many but on check of each one they were related to "Security".
So it look ok to me for the placement.

They all showed up as "Basic" admin pref… I have the feeling it should be under "Advanced".


Bernard


On 15 Apr 2017, at 19:40 , Ricardo Melo <[hidden email]> wrote:

Hi Devs,

over the last couple of months, multiple settings for HTTP security headers have been added to Tiki.

All this settings have been added to:

Admin -> Security -> Site Access
(tiki-admin.php?page=security#content_admin1-4 )

The question is: Should this setting be moved to another place? And if yes, what is the best place.

The current list of HTTP security header managed there are:

HTTP header x-frame options  
HTTP header x-xss-protection  
HTTP header x-content-type-options  
HTTP header content-security-policy  
HTTP header strict-transport-security  
HTTP header public-key-pins

Please share your opinion/view regarding if thus settings should moved to another place, and in that case, what is the best place.

Thank you
Ricardo
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______________________________________________
TikiWiki-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/tikiwiki-devel

Bernard Sfez | bsfez.com


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
TikiWiki-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/tikiwiki-devel
Reply | Threaded
Open this post in threaded view
|

Re: [Tiki-devel] Location of HTTP Security Headers Settings in Admin

Cloutier, Philippe (RESSOURCE EXTERNE)
In reply to this post by Ricardo Melo

Hi Ricardo,

These surely fit in the Security panel, but I do not think they belong in the Site Access tab. In the absence of a more relevant tab, I guess they could go to the general tab.

 

De : Ricardo Melo [mailto:rjsme[hidden email]]
Envoyé : 15 avril 2017 12:40
À : Tiki developers <[hidden email]>
Objet : [Tiki-devel] Location of HTTP Security Headers Settings in Admin

 

Hi Devs,

 

over the last couple of months, multiple settings for HTTP security headers have been added to Tiki.

 

All this settings have been added to:

 

Admin -> Security -> Site Access

(tiki-admin.php?page=security#content_admin1-4 )

 

The question is: Should this setting be moved to another place? And if yes, what is the best place.

 

The current list of HTTP security header managed there are:

 

HTTP header x-frame options  

HTTP header x-xss-protection  

HTTP header x-content-type-options  

HTTP header content-security-policy  

HTTP header strict-transport-security  

HTTP header public-key-pins

 

Please share your opinion/view regarding if thus settings should moved to another place, and in that case, what is the best place.

 

Thank you

Ricardo


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
TikiWiki-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/tikiwiki-devel