beta11 migratetoflarum lab errors

DursunCan

HSTS	 Not found. HSTS headers prevent traffic from being downgraded to HTTP
-
CSP	 Not found. CSP headers allow you to whitelist what resources can be used on your page and is an effective measure against XSS
-
Request
Date
URL
http://www.forum.sourceturk.net/
Headers
User-Agent
MigrateToFlarum Lab
Response
cURL error 6: Could not resolve host: www.forum.sourceturk.net (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)
-

how can i fix these errors?

clarkwinkelmann

DursunCan none of these are really errors. Merely suggestions. As you can see the lab itself gives you explanations and links.

HSTS can be implemented by adding a header to every response. You can search instructions on how to do it with Apache or Nginx. Some links https://scotthelme.co.uk/hsts-the-missing-link-in-tls/ and https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security

CSP is currently not easy to implement with Flarum, so you can disregard unless you want to really go advanced with the security configuration. There's a long discussion about how to implement CSP in Flarum somewhere on this forum.

The host resolve thing you can ignore, unless you expect your users to manually type www.forum.sourceturk.net in their address bar. From the text on the lab:

Check the hostname can be publicly resolved. For example use the dig command with a public DNS server like Google: dig {hostname} @8.8.8.8. Having a www. record is not strictly required if you are using a subdomain for your forum. It is recommended to have one if you are using the bare domain for your forum