noah/Nginx_Confs

History

noah 97b9c7168a Secure, HTTPOnly, SameSite Cookies via proxy path

2022-06-27 11:38:16 -05:00

..

Updating conf to include secure cookies and XFO via CSP frame-ancestors

2022-06-27 11:03:41 -05:00

element.theschricks.com.conf

Secure, HTTPOnly, SameSite Cookies via proxy path

2022-06-27 11:38:16 -05:00

README.md

Scoring and conf

2022-06-24 16:42:47 -05:00

README.md

Scoring

SSL Labs

Mozilla Observatory

Additional Score Commentary:

Mozilla Observatory

Current CSP requires the use of unsafe-eval due to WASM.

The relevant issue can be found at: https://github.com/vector-im/element-web/issues/12262, and has a relevant issue in the dotnet development found at: https://github.com/dotnet/aspnetcore/issues/37787

This scores a -10 in Mozilla Observatory.