Add security measures

What security measures should we add?

- [x] [basic security headers](https://github.com/voorhoede/head-start/blob/main/public/_headers#L4-L11).
- [ ] [allowlist hosts for dev and preview servers](https://astro.build/blog/astro-540/#allowlist-hosts-for-dev-and-preview-servers)?
- [ ] [check origin protection](https://docs.astro.build/en/reference/configuration-reference/#securitycheckorigin) as a basic csrf protection. It's a simple Astro config option. Returns `403` if origin does not match. Should we return a `403` page like we do for `404`? Could share an Error Page model as suggested in #158 for `500` pages.
- [x] [Astro env](https://docs.astro.build/en/reference/configuration-reference/#experimentalenv) to restrict access (server/client; public) and type-safety of env variables.
- [ ] [Astro Shield](https://astro-shield.kindspells.dev/) to add Subresource Integrity and Content Security Policy (CSP) headers.
- [ ] [Astro Utils](https://withastro-utils.github.io/docs/guides/forms/getting-started/) to add CSRF token protection to forms. Note: [may not be compatible with Cloudflare adapter](https://github.com/withastro-utils/utils/issues/6)
-  ...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add security measures #216

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Add security measures #216

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions