Page MenuHomePhabricator
Create Task
Maniphest T326326

Re-evaluate security header rules for API responses
Closed, InvalidPublic
Actions

Description

In the context of restbase sunsetting, we need to re-implement the logic for emitting security headers, which is currently defined in https://phabricator.wikimedia.org/diffusion/GRES/browse/master/lib/security_response_header_filter.js.

Before we port this logic, we should re-assess whether it is still up to date.

Related Objects

Event Timeline

daniel created this task.Jan 5 2023, 2:46 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 5 2023, 2:46 PM
VirginiaPoundstone mentioned this in T326698: Write One-Pager PRD for Harden API Gateway.Jan 25 2023, 1:34 PM
daniel added subscribers: hnowlan, xSavitar.Jun 5 2023, 5:59 PM

@hnowlan IIRC you are currently working on this, right? Is this ticket a duplicate? Can you share the status of the work?

daniel triaged this task as High priority.Jun 5 2023, 6:00 PM
daniel added a comment.Jun 5 2023, 6:02 PM
In T326326#8903647, @daniel wrote:

@hnowlan IIRC you are currently working on this, right? Is this ticket a duplicate? Can you share the status of the work?

Ah, I guess the work is tracked in T326321. Can we close this ticket, then?

daniel lowered the priority of this task from High to Medium.Jun 5 2023, 6:02 PM
hnowlan closed this task as Resolved.Jun 26 2023, 10:27 AM

Closing as a dupe of T326321.

sbassett changed the task status from Resolved to Invalid.Jun 26 2023, 2:53 PM
STran moved this task from Backlog to Done on the iPoid-Service board.Oct 4 2023, 6:27 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits