Do we need to block any response headers?

Open technosophos opened this issue 5 years ago • 2 comments

Right now, we pass any extraneous HTTP headers set by the module. Are there headers that we should block for security or performance reasons?

technosophos avatar Oct 22 '20 20:10 technosophos

If there are such headers, would it be more appropriate to just log it?

NickLarsenNZ avatar Sep 17 '21 06:09 NickLarsenNZ

The spec left open the possibility that we could actually block a header if it was a security or performance problem. But so far I haven't found any. So, yeah, we could just log any mystery headers until we find one that is actually a Bad Thing.

technosophos avatar Sep 20 '21 22:09 technosophos
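
The log-first approach discussed in this thread, sketched as an added example that is not part of the issue or of Wagi's code: every header the module sets is forwarded, anything outside the CGI-defined response fields is logged, and a block list that starts empty lets one header be dropped later. `HeaderPolicy`, `log_only`, `block` and `apply` are hypothetical names. Treating Content-Type, Location and Status (the response fields in RFC 3875) as the known set is an assumption, and the sample module output is constructed.

```rust
use std::collections::BTreeSet;

// Response fields CGI (RFC 3875) defines; anything else is "extraneous".
const CGI_FIELDS: [&str; 3] = ["content-type", "location", "status"];

// Hypothetical policy type: the block list starts empty (log-only mode).
pub struct HeaderPolicy {
    blocked: BTreeSet<String>,
}

impl HeaderPolicy {
    pub fn log_only() -> Self {
        HeaderPolicy { blocked: BTreeSet::new() }
    }

    // Promote one header from "logged" to "blocked" once it proves harmful.
    pub fn block(mut self, name: &str) -> Self {
        self.blocked.insert(name.to_ascii_lowercase());
        self
    }

    // Returns (headers to forward, log lines) for a module's header block.
    pub fn apply(&self, raw: &str) -> (Vec<(String, String)>, Vec<String>) {
        let (mut forward, mut log) = (Vec::new(), Vec::new());
        for line in raw.lines().take_while(|l| !l.trim().is_empty()) {
            let Some((name, value)) = line.split_once(':') else {
                log.push(format!("malformed header line dropped: {line:?}"));
                continue;
            };
            let key = name.trim().to_ascii_lowercase();
            if self.blocked.contains(&key) {
                log.push(format!("blocked header: {key}"));
                continue;
            }
            if !CGI_FIELDS.contains(&key.as_str()) {
                log.push(format!("extraneous header passed through: {key}"));
            }
            forward.push((key, value.trim().to_string()));
        }
        (forward, log)
    }
}

fn main() {
    // Constructed module output, not taken from a real Wagi module.
    let out = "Content-Type: text/plain\nX-Mystery: 1\nServer: demo\n\nhello\n";
    let (forward, log) = HeaderPolicy::log_only().block("server").apply(out);
    println!("{forward:?}\n{log:?}");
}
```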