Comments (10)
Brilliant! For reference, my little nonfunctional.md file contains the following points for security:
- HSTS ✅
- CSRF ✅
- CORS ✅
- XSS protection ✅
- Content Security Policy
- SRI hashes where possible
You've got stuff I'm missing (like X-Frame-Options), so I'll quietly copy/paste those in :). SRI and Content Security Policy are both probably worth a mention :) -- CSP is probably a "high" and SRI is probably a "low".
Possibly one of the cheat sheets for XSS and similar mentions CSP, but it's worth a top-level mention IMHO.
I should've said in the first comment, but thanks for building this handy little resource. The list of so-called non-functional requirements for a modern webapp is vast (and seemingly grows forever), so it's great to have a good enumeration of them.
from front-end-checklist.
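The items in the list above (HSTS, CSP, X-Frame-Options, CORS) are mostly HTTP response headers, and the quickest way to see whether a site actually ships them is to audit its headers. The following is an added example, not code from the front-end-checklist project or from anyone in this thread: a small Node.js checker that grades a header set as missing, weak or ok. The header names and syntax are the standard ones; the priorities, the one-year HSTS floor and the two sample header sets are assumptions made for illustration.

```javascript
// Added example (not code from the front-end-checklist project or this thread):
// audit a set of HTTP response headers against the security items listed in
// the comment above. Header names and syntax are standard; the priorities and
// the sample header sets below are constructed for illustration.

function cspDirective(csp, name) {
  // Return the source list of one CSP directive, or null if it is absent.
  for (const dir of csp.split(';')) {
    const [dirName, ...sources] = dir.trim().split(/\s+/);
    if (dirName && dirName.toLowerCase() === name) return sources;
  }
  return null;
}

function scriptSources(csp) {
  // script-src governs scripts; when it is absent, browsers fall back to default-src.
  return cspDirective(csp, 'script-src') || cspDirective(csp, 'default-src') || [];
}

const CHECKS = [
  {
    header: 'strict-transport-security', priority: 'high',
    // HSTS only works with a max-age; one year (31536000 s) is the usual floor (assumed here).
    ok: (v) => { const m = /max-age=(\d+)/i.exec(v); return !!m && Number(m[1]) >= 31536000; },
  },
  {
    header: 'content-security-policy', priority: 'high',
    // A script policy that allows inline script, eval or any host ('*') gives little XSS protection.
    ok: (v) => !scriptSources(v).some((s) => /^('unsafe-inline'|'unsafe-eval'|\*)$/i.test(s)),
  },
  {
    header: 'x-frame-options', priority: 'medium',
    // Only DENY and SAMEORIGIN are meaningful; anything else is ignored by browsers.
    ok: (v) => /^(DENY|SAMEORIGIN)$/i.test(v.trim()),
  },
  {
    header: 'access-control-allow-origin', priority: 'medium', optional: true,
    // CORS: a wildcard origin together with credentials is a misconfiguration.
    // No header at all is fine (no cross-origin access is granted).
    ok: (v, all) => !(v.trim() === '*' &&
      (all['access-control-allow-credentials'] || '').trim().toLowerCase() === 'true'),
  },
];

function auditHeaders(headers) {
  // Normalise names to lower case so the input can come from any HTTP client.
  const all = {};
  for (const [k, v] of Object.entries(headers)) all[k.toLowerCase()] = String(v);
  return CHECKS.map((c) => {
    const value = all[c.header];
    let status;
    if (value === undefined) status = c.optional ? 'ok' : 'missing';
    else status = c.ok(value, all) ? 'ok' : 'weak';
    return { header: c.header, priority: c.priority, status };
  });
}

function failingHeaders(headers) {
  // Human-readable list of everything that is not "ok".
  return auditHeaders(headers)
    .filter((f) => f.status !== 'ok')
    .map((f) => `${f.header} (${f.status}, ${f.priority})`);
}

// Constructed sample header sets (not captured from any real site).
const SAMPLE_GOOD = {
  'Strict-Transport-Security': 'max-age=63072000; includeSubDomains',
  'Content-Security-Policy': "default-src 'self'; script-src 'self' https://cdn.example.com",
  'X-Frame-Options': 'DENY',
};
const SAMPLE_WEAK = {
  'Content-Security-Policy': "default-src * 'unsafe-inline' 'unsafe-eval'",
  'X-Frame-Options': 'ALLOWALL',
  'Access-Control-Allow-Origin': '*',
  'Access-Control-Allow-Credentials': 'true',
};

console.log('good:', failingHeaders(SAMPLE_GOOD));
console.log('weak:', failingHeaders(SAMPLE_WEAK));
```

The checker deliberately treats a present-but-weak header as a finding, since a CSP of `default-src *` or an `X-Frame-Options` value the browser does not recognise satisfies a checkbox without giving any protection.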
Was going to mention there's room for a security section
@frio @collinwu indeed, that part is missing. Let me add that section and don't hesitate to comment on that.
I just added a first draft for the security section, don't hesitate to give me feedback or make some changes.
Don't hesitate to propose (in a PR) a change in the priority if you don't agree. Thanks for your support @frio (frio means cold in Portuguese :D). Hopefully, that checklist will improve a lot in the next days.
+1
@collinwu @frio Some time ago, we added a security section, but since I have been exchanging with some developers, I would like your POV. A Front-End developer is in general not responsible for server-side security rules... If you develop an application with a server side, you may be more a Full-Stack developer than a Front-End Dev... Don't you think?
Phew, sorry for the slow reply! Security is a nightmare in our industry; we find new flaws with potentially dangerous implications day in and day out. There are heaps of things that front-end developers should be aware of in the security space :)!
At a minimum, I'd expect a frontend developer to at least be aware of the OWASP Top 10. You're right that they may not need to know how to solve all of those, but I'd expect them to know how to protect against XSS, for instance, or CSRF. There are also nice little tweaks (like SRI hashes) that help to prevent a compromised CDN or ad from subverting your site.
Basically -- yes, full-stack devs need to know more :). However, I'd argue that front-end devs need to understand the world they deploy into at a minimum, and understand how to address some of the flaws that most impact them.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. If you have any questions, please contact me directly at [email protected]. Thank you for your contributions to that project!