Just noticed that I've been ignoring #http security for 3+ years. Somehow thought that Netlify defaults to some sort of BPs, but that was a very wrong assumption. -.-
It's better now: https://ttntm.me/notes#18
Next: https://github.com/ttntm/watch3r/issues/41, which also means taking care of the HTTP headers for the app's functions.