The Building Blocks Of Progressive Web #apps – Smashing Magazine
▻https://www.smashingmagazine.com/2016/09/the-building-blocks-of-progressive-web-apps
#progressive_apps #service_workers
Secure your website with HTTP headers
▻https://www.vaadata.com/blog/fr/securiser-votre-site-web-avec-les-headers-http
A summary of the #headers that improve #security:
Strict-Transport-Security
CORS headers (Access-Control-Allow-Origin)
Content-Security-Policy
X-Content-Type-Options
X-XSS-Protection
A brilliant presentation of the CSP header by Nicolas Hoffmann:
▻https://www.nicolas-hoffmann.net/content-security-policy-parisweb-2015
Setting up #monitoring with Report-URI + Report-Only
For monitoring the #CSP and #HPKP notifications of a production site, a free online service:
►https://report-uri.io
Ironically, CSP is too efficient in some browsers — it creates bugs with bookmarklets. So, do not update your CSP directives to allow bookmarklets. We can’t blame any one browser in particular; all of them have issues:
Firefox
Chrome (Blink)
WebKit
Most of the time, the bugs are false positives in blocked notifications. All browser vendors are working on these issues, so we can expect fixes soon. Anyway, this should not stop you from using CSP.
▻https://www.smashingmagazine.com/2016/09/content-security-policy-your-future-best-friend
Again by Nicolas Hoffmann, CSP evangelist :)