> That sounds like an excellent KR for a security-themed O for Q1; Greg, > do you have a sense of how much of this is dev work, versus ops/config > changes, versus stuff that's out of our hands entirely?
stomlinson went over the scans with me on Friday. They're all security header issues. Adding CSP to verifier.accounts.firefox.com might entail some dev work, but the rest look like CDN changes and scanner changes (like not reporting counting a failure for a report only CSP header when a CSP header is also returned).
_______________________________________________ Dev-fxacct mailing list [email protected] https://mail.mozilla.org/listinfo/dev-fxacct
