Weekly Report: 15th July 2019
FrontierNav
- Unified data across every game
- Added data tables to every game
- Improved search performance
- Fixed various navigation bugs
- Progressed ideas on static generation
- Further improved security headers
#security
Posts tagged with #security.So Many Security Updates
It seems every week there's a new vulnerability found in an npm package. While this is great progress for the community, it's a pain to deal with when maintaining multiple projects. Automation is a solution, but then you need to maintain the automation. Removing dependencies and writing your own just means you'll probably have vulnerabilities that you don't know about since no one's looking. Eventually dependencies rot and security issues take over. At that point you need to abandon ship and find a new one.
It's an unsolvable problem as far as I can tell.
FrontierNav Security - CSP and SRI
I can't remember how I started going down this route, but I do know that as someone with multiple websites, I should be doing the most to ensure nothing malicious is being loaded onto my viewer's computer.
Actually, I do remember. I was looking into how FrontierNav can introduce an iframe-based, postMessage API to allow third-party integrations -- an exciting topic for another time. Loading iframes from other places is of course open to abuse, so I looked into securing it.