Requirement (Gold level): Secured delivery against man-in-the-middle (MITM) attacks
UlisesGascon opened this issue
Ulises Gascón commented
We agreed on #1175 to open an issue to follow up on a discussion about this requirement for Node.js (cc: @mhdawson @ljharb @RafaelGSS).
The project website, repository (if accessible via the web), and download site (if separate) MUST include key hardening headers with nonpermissive values. (URL required)
Context
- Discussion during the last meeting (Minute 48:08)
- CII Best Practices: Security
- Team Discussion
Potential actions
TBD
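One way to check a site against the requirement quoted above, as an added example that is not part of the original issue or of any Node.js project code: an offline audit of a response's headers. The four headers it checks and the rules for what counts as permissive are assumptions of this example, since the issue does not list them, and the sample header sets are constructed.

```javascript
// Added example (not from the issue). The header set and the "permissive"
// rules below are assumptions; the sample responses are constructed.
function auditHardeningHeaders(rawHeaders) {
  const h = {}; // header names are case-insensitive, so normalize first
  for (const [name, value] of Object.entries(rawHeaders)) h[name.toLowerCase()] = String(value).trim();
  const findings = [];

  // HSTS: max-age=0 tells the browser to drop the policy, so treat it as permissive.
  const hsts = h['strict-transport-security'];
  const maxAge = hsts && /(?:^|;)\s*max-age\s*=\s*"?(\d+)"?/i.exec(hsts);
  if (!hsts) findings.push('strict-transport-security: missing');
  else if (!maxAge || Number(maxAge[1]) === 0) findings.push('strict-transport-security: max-age absent or zero');

  // X-Content-Type-Options has a single meaningful value.
  const xcto = h['x-content-type-options'];
  if (!xcto) findings.push('x-content-type-options: missing');
  else if (xcto.toLowerCase() !== 'nosniff') findings.push('x-content-type-options: not nosniff');

  // X-Frame-Options: only DENY and SAMEORIGIN restrict framing.
  const xfo = h['x-frame-options'];
  if (!xfo) findings.push('x-frame-options: missing');
  else if (!['deny', 'sameorigin'].includes(xfo.toLowerCase())) findings.push('x-frame-options: not DENY or SAMEORIGIN');

  // CSP: flag default-src/script-src that admit any origin or inline script.
  const csp = h['content-security-policy'];
  if (!csp) findings.push('content-security-policy: missing');
  for (const directive of (csp || '').split(';')) {
    const [name, ...sources] = directive.trim().toLowerCase().split(/\s+/);
    if (!['default-src', 'script-src'].includes(name)) continue;
    for (const s of sources) {
      if (s === '*' || s === "'unsafe-inline'") findings.push(`content-security-policy: ${name} allows ${s}`);
    }
  }
  return findings;
}

// Constructed sample responses, not captured from any real site.
const hardenedSample = {
  'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
  'X-Content-Type-Options': 'nosniff',
  'X-Frame-Options': 'DENY',
  'Content-Security-Policy': "default-src 'self'; script-src 'self'",
};
const weakSample = {
  'strict-transport-security': 'max-age=0',
  'X-Content-Type-Options': 'nosniff',
  'Content-Security-Policy': "default-src *; script-src 'self' 'unsafe-inline'",
};
console.log(auditHardeningHeaders(weakSample));
```

An empty result means every checked header is present with a restrictive value under these assumed rules.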
Jordan Harband commented
I assume if the website has CORS and HSTS set up, this will be satisfied.
github-actions commented
This issue is stale because it has been open many days with no activity. It will be closed soon unless the stale label is removed or a comment is made.