
Commit d40435e

authored
Merge pull request #5864 from Countly/ar2rsawseen/master
component updates and include security.txt
2 parents e650969 + b7d9fc7 commit d40435e


8 files changed

+1018
-1165
lines changed


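--- a/api/api.js
+++ b/api/api.js
@@ -109,8 +109,8 @@ plugins.connectToAllDatabases().then(function() {
 password_rotation: 3,
 password_autocomplete: true,
 robotstxt: "User-agent: *\nDisallow: /",
-dashboard_additional_headers: "X-Frame-Options:deny\nX-XSS-Protection:1; mode=block\nStrict-Transport-Security:max-age=31536000 ; includeSubDomains\nX-Content-Type-Options: nosniff",
-api_additional_headers: "X-Frame-Options:deny\nX-XSS-Protection:1; mode=block\nAccess-Control-Allow-Origin:*",
+dashboard_additional_headers: "X-Frame-Options:deny\nX-XSS-Protection:1; mode=block\nStrict-Transport-Security:max-age=31536000; includeSubDomains; preload\nX-Content-Type-Options: nosniff",
+api_additional_headers: "X-Frame-Options:deny\nX-XSS-Protection:1; mode=block\nStrict-Transport-Security:max-age=31536000; includeSubDomains; preload\nAccess-Control-Allow-Origin:*",
 dashboard_rate_limit_window: 60,
 dashboard_rate_limit_requests: 500,
 proxy_hostname: "",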
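Review bot: Both new header defaults add `preload` next to `includeSubDomains`, which is a heavy commitment to ship as the out-of-the-box value for every self-hosted install. `preload` signals consent for the domain to be added to browsers' built-in HSTS lists, and removal from those lists takes a long time to reach users, while `includeSubDomains` with a one-year max-age forces HTTPS on every host below the name that served the header. I would keep the default at `Strict-Transport-Security:max-age=31536000; includeSubDomains` and document `preload` as an opt-in for operators who control the whole domain and serve everything under it over HTTPS. The same two strings are changed in frontend/express/app.js, and the enclosing config object starts and ends outside the hunk.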

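--- a/frontend/express/app.js
+++ b/frontend/express/app.js
@@ -151,8 +151,8 @@ plugins.setConfigs("security", {
 password_rotation: 3,
 password_autocomplete: true,
 robotstxt: "User-agent: *\nDisallow: /",
-dashboard_additional_headers: "X-Frame-Options:deny\nX-XSS-Protection:1; mode=block\nStrict-Transport-Security:max-age=31536000 ; includeSubDomains\nX-Content-Type-Options: nosniff",
-api_additional_headers: "X-Frame-Options:deny\nX-XSS-Protection:1; mode=block\nAccess-Control-Allow-Origin:*",
+dashboard_additional_headers: "X-Frame-Options:deny\nX-XSS-Protection:1; mode=block\nStrict-Transport-Security:max-age=31536000; includeSubDomains; preload\nX-Content-Type-Options: nosniff",
+api_additional_headers: "X-Frame-Options:deny\nX-XSS-Protection:1; mode=block\nStrict-Transport-Security:max-age=31536000; includeSubDomains; preload\nAccess-Control-Allow-Origin:*",
 dashboard_rate_limit_window: 60,
 dashboard_rate_limit_requests: 500
 });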
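Review bot: The `dashboard_additional_headers` and `api_additional_headers` defaults in this `plugins.setConfigs("security", {` call are a literal copy of the ones in api/api.js, and this commit had to make the identical edit in both files. If the two copies ever drift, the header set an install starts with would presumably depend on which process registers its defaults first, which is hard to notice for security headers. Defining the security defaults once in a shared module and using that object from both entry points would remove the risk. The call opens above the hunk, so keys earlier in the object are not visible here.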
@@ -0,0 +1,7 @@
1+
# If you would like to report a security issue with Countly Server, Countly SDKs
2+
# please get in touch via the below method
3+
Contact: mailto:[email protected]
4+
Expires: 2025-03-14T00:00:00.000Z
5+
Preferred-Languages: en
6+
Canonical: https://securitytxt.org/.well-known/security.txt
7+
Policy: https://countly.com/legal/privacy-policy
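Review bot: The `Canonical` field points at securitytxt.org rather than at the location where this file itself is served; RFC 9116 defines that field as the URI(s) of this security.txt, so a client that checks it will see a mismatch. It should carry the serving host's own URL, for example `Canonical: https://<your-host>/.well-known/security.txt` (placeholder), or be left out of the shipped file if the host is not known in advance. `Policy` links to the privacy policy, whereas the field is meant for the vulnerability disclosure policy. The fixed `Expires: 2025-03-14T00:00:00.000Z` also means the file is treated as stale after that date unless a release refreshes it.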
