Landing page security
dkistner opened this issue · comments
The server should expose a HSTS header for landing page to enforce secure connections.
On top we should add some Content-Security-Policies to the markup/html of the exposed landing page.
https://github.com/gardener/gardener-metrics-exporter/blob/master/pkg/server/server.go#L40-L41
Do you already have an idea when to start progress? On 18.06.2019 is our next release decision.
@dkistner next release decision is on 20180828. Do you have an idea how to proceed here?