MW REST: add security headers
Open, MediumPublic
Actions

Assigned To

None

Authored By

	daniel
	Jan 5 2023, 2:35 PM

Description

The REST framework should provide a mechanism for applying security headers to all responses.

To avoid piling onto the logic in the Handler base class, this could be implemented as a "middleware". This would require use to add support for such "middleware" to the REST framework.

For reference, see the security header filter implemented in RESTbase: https://phabricator.wikimedia.org/diffusion/GRES/browse/master/lib/security_response_header_filter.js

Related Objects

Mentioned In: T326698: Write One-Pager PRD for Harden API Gateway

Event Timeline

daniel created this task.Jan 5 2023, 2:35 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 5 2023, 2:35 PM

daniel updated the task description. (Show Details)Jan 5 2023, 2:37 PM

daniel added subscribers: sbassett, xSavitar, MSantos.Jan 9 2023, 9:12 AM

VirginiaPoundstone mentioned this in T326698: Write One-Pager PRD for Harden API Gateway.Jan 25 2023, 1:34 PM

daniel triaged this task as Medium priority.Jun 5 2023, 6:02 PM

MW REST: add security headersOpen, MediumPublicActions

Description

Related Objects

Event Timeline

MW REST: add security headers
Open, MediumPublic
Actions