XSF Discussion - 2023-11-17

  1. Guus

    I'm being asked to add CSP HTTP headers to a BOSH endpoint ... Isn't that pointless, given that the data served through those endpoints isn't HTML?

  2. Zash

    Guus, doesn't make much sense to me no.

  3. Kev

    Could potentially be some security scanner complaining.

  4. Guus

    Yeah, that's likely it.

  5. MattJ

    Well, I think at least Prosody and ejabberd do serve HTML in response to GET on the BOSH URL

  6. flow

    "I do as the security vulnerability scanner guides"

  7. pep.

    I remember when my company was trying to get ISO27001 when I was still employed.. BS everywhere.

  8. pep.

    Maybe it wasn't even 27001 but 9001

  9. pep.

    Same story anyway

  10. singpolyma

    Bettur plan: disable BOSH 😉