Requirement (Gold level): Secured delivery against man-in-the-middle (MITM) attacks

Question

Requirement (Gold level): Secured delivery against man-in-the-middle (MITM) attacks

UlisesGascon opened this issue 5 months ago · comments

We agreed on #1175 to open an issue to follow up a discussion about this requirement for Node.js (cc: @mhdawson @ljharb @RafaelGSS)

The project website, repository (if accessible via the web), and download site (if separate) MUST include key hardening headers with nonpermissive values. (URL required)

Context

Discussion during the last meeting (Minute 48:08)
CII Best Practices: Security
Team Discussion

Potential actions

TBD

Jordan Harband · Answer 1 · Sat Jan 06 2024 23:25:26 GMT+0800 (China Standard Time)

I assume if the website has CORS and HSTS set up, this will be satisfied.

github-actions · Answer 2 · Sat Apr 06 2024 08:13:31 GMT+0800 (China Standard Time)

This issue is stale because it has been open many days with no activity. It will be closed soon unless the stale label is removed or a comment is made.