Security at Github

August 17, 2016 by joecodes Leave a Comment

Prompted by a tweet by CSS-Tricks about protecting the token, this is a brief post that showcases a handful of security techniques used at Github from Let’s look at some of the security at Github.

This is a short article showing five things I find awesome with Github’s security. Best of all is that we could learn from Github and follow their lead.

Dynamic CSP
Hack for dangling markup
Referrer
Redirect FQDN
No CSP for 304’s (Not Modified)

https://chloe.re/2016/08/15/lets-look-at-some-of-the-security-at-github/

Leave a Reply Cancel reply

You must be logged in to post a comment.

I was surprised to learn that foreach in JavaScript does not have a traditional break. The loop will run to completion.
Who knew that combination sums across all permutation lengths of an array would be so difficult? It was a challenge but the final product looks good and takes a lot of resources. Limiting the max length for basic memory limits. Would only do something like this for occasional reporting.
Working on a new project that can have hundreds of forms on a page. The browser was spending way too much time in Parse HTML. Wasted a bunch of time before learning this is a long-standing bug in Chrome when there are many forms or inputs. Other browsers are fine.

Share this:

Related

Leave a Reply Cancel reply