-
Notifications
You must be signed in to change notification settings - Fork 305
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[FEATURE] hardened security on the 401 pages #1187
Comments
Hi @sbe-arg, thank you for opening this feature request. Did you activated the CORS in the settings by any chance ? |
I'm running cors with the default settings have not made any cors changes. |
…y headers and nonces for a better security
I added the CSP header for the error pages, thank you again for this feature idea. PS: I just tried it on one of our website and the CORS test passes on the Observatory 🤔 |
What's needed and why?
When you have a website that shows the 401 page intentionally at root /
Mozilla observatory reports the domain as D
Implementations ideas (optional)
No response
Code of Conduct
The text was updated successfully, but these errors were encountered: