HTTP response headers from Azure Functions should align with OWASP best-practices #9636
Assignees
Comments
|
Thanks for informing. pls refer updated document. |
|
@bhagyshricompany What updated document are you referring to? |
|
@bhagyshricompany If it's relevant, we need to do this on a NodeJS function app. |
|
Direct manipulation of the web.config file is generally not recommended for Azure Functions. |
|
@bhagyshricompany Understand that if we modify webconfig we might encounter problems. How do we even access the web config in a zip deployment? We use Azure DevOps to build and deploy. |
|
Any update? |
|
ping |
carlo-quinonez
changed the title
|
? |
|
@bhagyshricompany I updated the title to reflect the reason I asked about the web.config. Hopefully the new title and description are helpful in prioritizing this issue |
|
any thoughts? |
|
? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Scope
This question applies to a Function App running on a Windows App Service Plan.
On AppServices, we're able to modify the
web.configto update response headers to meet the OWASP Secure Headers recommendations. This is a corporate policy, and violdating it includes penalties "up to and including termination". I doubt anyone would actually be fired for this, but...Can we access the web.config file to do the same on Azure Functions?
The text was updated successfully, but these errors were encountered: