Confirmed users
529
edits
Security/FirefoxOperations: Difference between revisions
Jump to navigation
Jump to search
→Security Checklist
| Line 79: | Line 79: | ||
* [ ] Set HSTS to 31536000 (1 year) | * [ ] Set HSTS to 31536000 (1 year) | ||
* `strict-transport-security: max-age=31536000` | * `strict-transport-security: max-age=31536000` | ||
* [ ] If the service is not hosted under `services.mozilla.com`, it must be manually added to [Firefox's preloaded pins](https://dxr.mozilla.org/mozilla-central/source/security/manager/tools/PreloadedHPKPins.json#184). | * [ ] If the service is not hosted under `services.mozilla.com`, it must be manually added to [Firefox's preloaded pins](https://dxr.mozilla.org/mozilla-central/source/security/manager/tools/PreloadedHPKPins.json#184). | ||
* If service has an admin panels, it must: | * If service has an admin panels, it must: | ||
| Line 90: | Line 86: | ||
Development | Development | ||
----------- | ----------- | ||
* [ ] Ensure your code repository is configured and located appropriately: | |||
* Only designated people should be allowed to push to production branches. ([GitHub protected branches](https://help.github.com/articles/configuring-protected-branches/).) | |||
* Host your repository in a trusted organization (one that follows [EIS Recommendations](https://mana.mozilla.org/wiki/display/POLICIES/Standard%3A+GitHub+repositories+and+organizations)). A list is maintained [here](https://wiki.mozilla.org/Github/Trusted_Organizations). | |||
* [ ] Sign all release tags, and ideally commits as well | * [ ] Sign all release tags, and ideally commits as well | ||
* Developers should [configure git to sign all tags](http://micropipes.com/blog//2016/08/31/signing-your-commits-on-github-with-a-gpg-key/) and upload their PGP fingerprint to https://login.mozilla.com | * Developers should [configure git to sign all tags](http://micropipes.com/blog//2016/08/31/signing-your-commits-on-github-with-a-gpg-key/) and upload their PGP fingerprint to https://login.mozilla.com | ||
| Line 159: | Line 158: | ||
* Keys used to sign sessions don't need a rotation mechanism if destroying all sessions is acceptable in case of emergency. | * Keys used to sign sessions don't need a rotation mechanism if destroying all sessions is acceptable in case of emergency. | ||
* [ ] Do not proxy requests from users without strong limitations and filtering (see [Pocket UserData vulnerability](https://www.gnu.gl/blog/Posts/multiple-vulnerabilities-in-pocket/)). Don't proxy requests to [link local, loopback, or private networks](https://en.wikipedia.org/wiki/Reserved_IP_addresses#IPv4) or DNS that resolves to addresses in those ranges (i.e. 169.254.0.0/16, 127.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 172.16.0.0/12, 192.168.0.0/16, 198.18.0.0/15). | * [ ] Do not proxy requests from users without strong limitations and filtering (see [Pocket UserData vulnerability](https://www.gnu.gl/blog/Posts/multiple-vulnerabilities-in-pocket/)). Don't proxy requests to [link local, loopback, or private networks](https://en.wikipedia.org/wiki/Reserved_IP_addresses#IPv4) or DNS that resolves to addresses in those ranges (i.e. 169.254.0.0/16, 127.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 172.16.0.0/12, 192.168.0.0/16, 198.18.0.0/15). | ||
* [ ] Do not use `target="_blank"` in external links unless you also use `rel="noopener noreferrer"` (to prevent [Reverse Tabnabbing](https://www.owasp.org/index.php/Reverse_Tabnabbing)) | |||
</source> | </source> | ||