Prompted by a tweet by CSS-Tricks about protecting the token, this is a brief post that showcases a handful of security techniques used at Github from Let’s look at some of the security at Github.
This is a short article showing five things I find awesome with Github’s security. Best of all is that we could learn from Github and follow their lead.
- Dynamic CSP
- Hack for dangling markup
- Referrer
- Redirect FQDN
- No CSP for 304’s (Not Modified)
https://chloe.re/2016/08/15/lets-look-at-some-of-the-security-at-github/