-
Notifications
You must be signed in to change notification settings - Fork 10.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Docs: Create new doc on security #13305
Comments
* fix broken link * add blogpost mentions, change content from stubs * add link to github issue * add stub for security doc Related to #13305 * chore: format * add link to another Github issue
Hey @marcysutton, as soon as I've PR'd #14564 I can start working on this one! I recently went through and made sure to patch up my own blog with Mozilla Observatory and the blog post referenced 👆🏽 was really helpful - I think this would be a great guide to work on 🚀 |
That's fantastic, @dyyyl. We look forward to seeing what you come up with! |
Sorry, wrong button! I did not mean to close this. |
@dyyyl how's it going with the security guide? |
Hey @marcysutton, so sorry got super caught up. Starting to make more progress now, should have a PR ready early next week. |
Any news @dyyyl? I was on vacation for a while, so I wanted to check up on it. |
Hey @dyyyl! Any update? If life has gotten busy, we'd be happy to take this on or let another contributor pick it up. |
In the interest of moving things along, I'm going to unassign this one and open it up to the community. @dyyyl if you still want to contribute a PR, we'd love to have it! |
Hey @marcysutton I'd be happy to try and draft something up and see what people think? Based on the in-depth article posted, this page would provide devs with ways to easily apply the concepts explained in the article. Some concepts I see as important (I'm open to suggestions from others):
This is what comes to my mind initially but I am open to others opinions. |
@jjroush that sounds great, I'd say go for it! Your thinking sounds very aligned with what is needed for this doc, especially keeping secrets secret since that has come up a few times recently in sourcing recipes. |
Ahh, @jjroush thanks so much for taking this over. Other things you may want to cover are tools like Mozilla Observatory and how to properly set Content Security Policy headers! |
More ideas for security
@dyyyl Mozilla Observatory is an awesome tool... so many useful headers! |
Hey @jjroush, how's it going on this issue? |
@marcysutton I'll do my best to get a PR from my fork up in a day or so. I know the issue talked about putting this under the |
Hey @jjroush, just checking in on this issue. Is there a PR here that hasn't been linked? Happy to make that connection if needed. |
Hey folks, I wrote a blog post when I first set my Gatsby site up that covered the security stuff I did. Happy to use an updated version of that content plus what's in this thread to get you a security page up and running. I'll aim to have you a PR this week unless someone else jumps in. |
@marcysutton I am interested to take it in. |
@brabster are you still interested in working on this? |
@laurieontech Should I close my PR then? |
Apologies, got snowed under with work etc. pretty much as I offered to help! Happy to contribute to @kushthedude 's PR if I can find anything to add, looks like a lot of info there! Looks like a substantial piece of work! |
@kushthedude Not at all! Just wanted to follow up with @brabster to see if they had anything in the works we'd need to consider with your PR. |
Thanks.
…On Tue, 26 Nov, 2019, 22:13 LB, ***@***.***> wrote:
@kushthedude <https://github.com/kushthedude> Not at all! Just wanted to
follow up with @brabster <https://github.com/brabster> to see if they had
anything in the works we'd need to consider with your PR.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#13305?email_source=notifications&email_token=AKQMTLRA4T7AK53UDKFT5P3QVVG4TA5CNFSM4HFLVWVKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEFGVNRA#issuecomment-558716612>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AKQMTLXFHRT3KHMXC4OSLYTQVVG4TANCNFSM4HFLVWVA>
.
|
This issue is still open, and it's important to reiterate that it shouldn't be a straight copy of @moonmeister's blog post. He had some good advice in #19778 (comment) (a PR that was closed for not meeting Gatsby's Code of Conduct and working standards):
|
Hi guys. This issue was staled for a few months and I decided to solve it. Feedbacks appreciated! |
Summary
Security in Gatsby is an important topic, and deserves a page in the docs describing what Gatsby does well and what developers need to watch out for. It could go under "Improving Performance" in the Guides section of the docs.
There is a wonderful new blog post on security from @moonmeister: https://www.gatsbyjs.org/blog/2019-04-06-security-for-modern-web-frameworks/
This issue serves as a follow-up to make sure we add a dedicated page in the docs for security in Gatsby. It should list best practices and gotchas to prepare Gatsby devs as much as possible for security limitations and requirements.
The text was updated successfully, but these errors were encountered: