At Combostrap, we are taking security very seriously and take the following measures to prevent any attack.
Cross-site request attack
Every form uses a token to prevent a cross-site request attack (CSRF))
To prevent an injection attack:
Content Security Policy
We apply the Content Security Policy framework.
By default, we disallow:
- the framing of the website to prevent clickjacking.
- the use of http and https at the same time
We set the Referrer-Policy to not send private URL to external domain.
Dokuwiki follows also this rules (see devel%3Asecurity). We are making use of the CSRF token functionality.
Reporting Security Issues
For any security concern or issue, you can contact us at security [at] combostrap [dot] com