Commit 9c04a18

committed
refactor(A7:2023RC): add a reference to Security Headers
2 parents 6744916 + 6c7e6bd commit 9c04a18

1 file changed

+4
-2
lines changed
2023/en/src/0xa7-security-misconfiguration.md

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -80,8 +80,10 @@ Furthermore:
8080
(TLS), regardless of whether it is an internal or public-facing API.
8181
* Be specific about which HTTP verbs each API can be accessed by: all other
8282
HTTP verbs should be disabled (e.g. HEAD).
83-
* Implement a proper Cross-Origin Resource Sharing (CORS) policy on APIs
84-
expected to be accessed from browser-based clients (e.g. web app front-ends).
83+
* APIs expecting to be accessed from browser-based clients (e.g., WebApp
84+
front-end) should, at least:
85+
* implement a proper Cross-Origin Resource Sharing (CORS) policy
86+
* include applicable Security Headers
8587
* Ensure all servers in the HTTP server chain (e.g. load balancers, reverse
8688
and forward proxies, and back-end servers) process incoming requests in a
8789
uniform manner to avoid desync issues.
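Review bot: the new line "include applicable Security Headers" does not say which headers or where the reader can find the list, even though the commit message promises a reference; since the surrounding bullets each name a concrete control (TLS, allowed HTTP verbs, CORS), add a link to the OWASP Secure Headers Project or at least name the headers that matter most for browser-facing APIs (Content-Security-Policy, Strict-Transport-Security, X-Content-Type-Options) so the guidance is actionable. Two smaller points in the same hunk: "APIs expecting to be accessed from browser-based clients" should read "APIs expected to be accessed from ..." (the API is the thing being accessed), and "e.g.," with a trailing comma and "WebApp front-end" diverge from the "e.g." and "web app front-ends" used by the unchanged lines above and below, so keep the file's existing spelling.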

0 commit comments
