INFORMATION
Relevant information to this issue:
- OS: Mac OS X
- databases: POSTGRESQL 12
- Programming language and version: Node & React JS
- Link to your project on GitHub/Gitlab: https://gitlab.com/pathline-developers
- Link to your application : https://console.qovery.com/organization/a7136e96-4e7a-405c-97ce-2b6ffea38a02/project/cd112add-c27a-4bd1-aa61-2f10115abb1c/environments/general
ISSUE
Hi everyone,
After a Pentest that have been done on our platform, we’ve got a feedback on missing headers that we might need in our front-end app. Here is the analysis of our lead developer, who thinks it could be resolved from the Devops side :
This issue appears to be related to the configuration of the Front server.
The back-end does not seem to have the problem, as it uses the “helmet” module. Since the back-end creates its own server and listens on its own port, it distributes the requested headers (see screenshot).
However, the front-end is built, and there must be software on the server that creates the listening server and distributes the files (nginx, apache, node?). This component needs to be configured to add the requested headers. I do not have access to this component, and I may not be the most qualified person to make these changes, so please review and decide how you would like to proceed.
Back-end result :
Front-end result :
Could you help us with this issue ?
Thanks,
Dan
