Hi, I've set up a trac via https using latest stable trac (1.2.2).
I've found a nice tool checking site configuration: https://observatory.mozilla.org/

Checking my trac installation I got a poor "D" rating. Following is the list of tests failed resulting in a negative score:

Test                      Score   Explanation
Content Security Policy   -25     Content Security Policy (CSP) header not implemented
Contribute.json           -10     Contribute.json file cannot be parsed
X-Content-Type-Options    -5      X-Content-Type-Options header not implemented
X-Frame-Options           -20     X-Frame-Options (XFO) header not implemented
X-XSS-Protection          -10     X-XSS-Protection header not implemented

Since other sites hosted on my server get better ratings there must be a chance to fix this in the code. Another way is to add such headers to the apache config, but I'm not sure whether I am breaking something in trac and it's less flexible.

Is there a chance to improve the headers trac is sending? Can I help with whatever is helpful?

Regards
Torge
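An added example, not part of the original message and not Trac's own code: a WSGI middleware that supplies the headers the scan reported as missing, without replacing any header the wrapped application already sends. The header values, `demo_app` and `response_headers` are assumptions made for illustration; in a `trac.wsgi` script the wrapped application would be `trac.web.main.dispatch_request`.

```python
from wsgiref.util import setup_testing_defaults

# Assumed starting values, not Trac defaults. The CSP is sent in its
# report-only form so the browser reports violations instead of enforcing
# a policy that has not yet been tested against Trac's pages.
DEFAULT_HEADERS = [
    ("X-Content-Type-Options", "nosniff"),
    ("X-Frame-Options", "SAMEORIGIN"),
    ("X-XSS-Protection", "1; mode=block"),
    ("Content-Security-Policy-Report-Only", "default-src 'self'"),
]

class SecurityHeaders(object):
    """Add each default header only if the application did not set it."""
    def __init__(self, app, headers=DEFAULT_HEADERS):
        self.app = app
        self.headers = list(headers)

    def __call__(self, environ, start_response):
        def patched_start(status, response_headers, exc_info=None):
            present = {name.lower() for name, _ in response_headers}
            merged = list(response_headers)
            for name, value in self.headers:
                if name.lower() not in present:
                    merged.append((name, value))
            if exc_info is not None:
                return start_response(status, merged, exc_info)
            return start_response(status, merged)
        return self.app(environ, patched_start)

def demo_app(environ, start_response):
    # Constructed stand-in for the real application; it sets its own
    # X-Frame-Options to show that the middleware leaves it alone.
    start_response("200 OK", [("Content-Type", "text/html"),
                              ("X-Frame-Options", "DENY")])
    return [b"<html></html>"]

def response_headers(app):
    """Run one constructed GET request and return the headers sent."""
    environ = {}
    setup_testing_defaults(environ)
    captured = []
    def start_response(status, headers, exc_info=None):
        captured[:] = headers
        return lambda data: None
    for _ in app(environ, start_response):
        pass
    return captured
```
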
