
feat(curriculum): add security and privacy review#68238

Open
Ksound22 wants to merge 1 commit into
freeCodeCamp:mainfrom
Ksound22:feat/add-sec-and-privacy-review

Conversation

@Ksound22

Member

Checklist:

Closes #XXXXX

@Ksound22 Ksound22 added scope: curriculum Lessons, Challenges, Projects and other Curricular Content in curriculum directory. platform: learn UI side of the client application that needs familiarity with React, Gatsby etc. scope: i18n language translation/internationalization. Often combined with language type label backend js v9 This is for issues and PRs dealing with the latest Backend JS curriculum. labels Jun 25, 2026
@Ksound22 Ksound22 marked this pull request as ready for review June 25, 2026 09:52
@Ksound22 Ksound22 requested review from a team as code owners June 25, 2026 09:52
@Ksound22 Ksound22 changed the title feat(curriculum): add security and privacy reiew feat(curriculum): add security and privacy review Jun 25, 2026
@moT01 moT01 added status: waiting review To be applied to PR's that are ready for QA, especially when additional review is pending. and removed scope: i18n language translation/internationalization. Often combined with language type label labels Jun 25, 2026
**Content Security Policy (CSP)** is an HTTP response header that restricts which external resources a browser can load on a page. It defends primarily against **Cross-Site Scripting (XSS)** attacks by whitelisting trusted source domains for scripts, styles, and images.

```http
Content-Security-Policy: script-src 'self' https://trusted-cdn.com;
```
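Review bot: the sentence above describes CSP as restricting "external resources", but the `script-src` directive in this very example also decides whether inline `<script>` blocks and inline event handlers may run at all: with no `'unsafe-inline'` (and no nonce or hash) in the directive, injected inline script is refused by the browser, and that refusal is the main XSS mitigation, not the host allow-list. The same sentence says CSP covers "scripts, styles, and images", yet the example only sets `script-src`, so styles and images stay unrestricted; either add a `default-src` fallback (for example `default-src 'self'; script-src 'self' https://trusted-cdn.com`) or narrow the sentence to scripts.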


This example isn't mentioned in the lecture files. You can either add an explanation in the lecture or remove the code from here.
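To illustrate what the `script-src` directive quoted in the excerpt actually decides, here is an added JavaScript model of a browser's CSP check. It is not code from the PR or from the freeCodeCamp curriculum; the policy strings, the page origin `https://app.example.com`, the script URLs and the function names (`parseCsp`, `isScriptAllowed`, `isInlineScriptAllowed`) are all constructed for this example. It goes a little beyond the excerpt by also handling `default-src` fallback, scheme sources, wildcard hosts and nonces, which is where practitioners usually get tripped up.

```javascript
// Added example, not code from the PR or the freeCodeCamp curriculum: a small
// model of how a browser evaluates the script-src directive of a
// Content-Security-Policy header. Policy strings, page origin and script URLs
// are constructed. Simplifications: path parts of host sources are ignored and
// hash sources ('sha256-...') are not computed, only recognised.

// Parse a CSP header value into { directiveName: [sourceExpression, ...] }.
function parseCsp(header) {
  const policy = {};
  for (const raw of header.split(';')) {
    const tokens = raw.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...sources] = tokens;
    policy[name.toLowerCase()] = sources;
  }
  return policy;
}

// script-src governs scripts; if it is absent default-src is the fallback; if
// both are absent the policy says nothing about scripts at all.
function effectiveScriptSources(policy) {
  if ('script-src' in policy) return policy['script-src'];
  if ('default-src' in policy) return policy['default-src'];
  return null;
}

// Does one source expression permit loading scriptUrl on a page at pageOrigin?
function sourceMatches(expr, pageOrigin, scriptUrl) {
  const page = new URL(pageOrigin);
  if (expr === "'self'") return scriptUrl.origin === page.origin;
  // 'none', 'unsafe-inline', 'nonce-...', 'sha256-...' never match a URL.
  if (expr.startsWith("'")) return false;
  // Scheme source such as "https:" matches any host over that scheme.
  if (/^[a-z][a-z0-9+.-]*:$/i.test(expr)) return scriptUrl.protocol === expr.toLowerCase();
  // Host source, optionally with a wildcard subdomain (https://*.cdn.example).
  const wildcard = expr.startsWith('*.') || expr.includes('://*.');
  const stripped = expr.replace('://*.', '://').replace(/^\*\./, '');
  const host = new URL(stripped.includes('://') ? stripped : `${page.protocol}//${stripped}`);
  if (host.protocol !== scriptUrl.protocol || host.port !== scriptUrl.port) return false;
  return wildcard
    ? scriptUrl.hostname.endsWith(`.${host.hostname}`)
    : scriptUrl.hostname === host.hostname;
}

// Would the browser load <script src="scriptSrc"> under this policy?
function isScriptAllowed(header, pageOrigin, scriptSrc) {
  const sources = effectiveScriptSources(parseCsp(header));
  if (sources === null) return true;
  const scriptUrl = new URL(scriptSrc, pageOrigin);
  return sources.some((expr) => sourceMatches(expr, pageOrigin, scriptUrl));
}

// Would an inline <script> (or an onclick= handler) run? This is the part that
// stops reflected/stored XSS: without 'unsafe-inline' or a matching nonce the
// injected inline script is refused even though it is already in the page.
function isInlineScriptAllowed(header, nonce) {
  const sources = effectiveScriptSources(parseCsp(header));
  if (sources === null) return true;
  // When any nonce or hash source is present, browsers ignore 'unsafe-inline'.
  const hasNonceOrHash = sources.some((s) => /^'(nonce|sha256|sha384|sha512)-/.test(s));
  if (hasNonceOrHash) return nonce !== undefined && sources.includes(`'nonce-${nonce}'`);
  return sources.includes("'unsafe-inline'");
}

// The policy from the PR excerpt, applied to a constructed page.
const POLICY = "script-src 'self' https://trusted-cdn.com";
const PAGE = 'https://app.example.com/account';

for (const src of ['/static/app.js', 'https://trusted-cdn.com/lib.js', 'https://evil.example.net/x.js']) {
  console.log(src, '->', isScriptAllowed(POLICY, PAGE, src));
}
console.log('inline script ->', isInlineScriptAllowed(POLICY));
```

Running it shows the two allowed origins, the rejected third-party host, and that the same policy also refuses inline script because `'unsafe-inline'` is absent, which is the behaviour the lecture text should spell out if the example stays.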

Comment on lines +70 to +71
- **`SameSite=Strict`:** Prevents the browser from sending the cookie on any cross-site request, blocking CSRF attacks.
- **`SameSite=Lax`:** Allows cookies on safe top-level navigation but blocks them on cross-site form submissions and API requests.
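Review bot: the `SameSite=Lax` line says cross-site form submissions are blocked, but Lax only withholds the cookie from cross-site requests that are not safe-method top-level navigations, so a cross-site form that uses `method="GET"` is a top-level navigation and still carries the cookie; it is the POST form (and any fetch/XHR, as the line says) that is cut off. It is worth adding one sentence that SameSite is defence in depth and not a replacement for CSRF tokens, and one that a cookie with no `SameSite` attribute is treated as Lax by Chromium-based browsers. The `Strict` line could also note its cost: a user who follows an external link to the site arrives without the session cookie and appears logged out.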


While SameSite is mentioned in the lectures, its arguments like SameSite=Lax and SameSite=Strict aren't. These should either be added to the lectures or removed from here.
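The distinction the reviewer wants explained in the lectures is easiest to see as the decision a browser makes per request. Here is an added JavaScript model of that decision, not code from the PR or from the freeCodeCamp curriculum; the sites `evil.example` and `bank.example`, the three request scenarios and the function names (`setCookieHeader`, `cookieSent`) are constructed for this example.

```javascript
// Added example, not code from the PR or the freeCodeCamp curriculum: a model
// of whether a browser attaches a cookie to a request under SameSite=Strict,
// Lax and None. Origins and requests are constructed. Simplification: "site"
// is taken to be the last two host labels, whereas real browsers use the
// Public Suffix List (so co.uk-style domains would be misjudged here).

function siteOf(urlOrOrigin) {
  const { hostname } = new URL(urlOrOrigin);
  return hostname.split('.').slice(-2).join('.');
}

// Build a Set-Cookie header value. Browsers reject SameSite=None without
// Secure, so that combination is refused here too.
function setCookieHeader(name, value, { sameSite = 'Lax', secure = true, httpOnly = true } = {}) {
  if (sameSite === 'None' && !secure) throw new Error('SameSite=None requires Secure');
  const attrs = [`${name}=${value}`, 'Path=/'];
  if (httpOnly) attrs.push('HttpOnly');
  if (secure) attrs.push('Secure');
  attrs.push(`SameSite=${sameSite}`);
  return attrs.join('; ');
}

// Read SameSite back from a Set-Cookie value; a missing attribute is treated
// as Lax, which is the default in Chromium-based browsers.
function parseSameSite(setCookie) {
  const m = /;\s*SameSite=(Strict|Lax|None)\b/i.exec(setCookie);
  if (!m) return 'Lax';
  const v = m[1].toLowerCase();
  return v[0].toUpperCase() + v.slice(1);
}

// request = { from: initiator origin, to: target URL, method, topLevel }
// topLevel is true for navigations (links, form submissions) and false for
// subresource, fetch and XHR requests.
function cookieSent(setCookie, request) {
  const target = new URL(request.to);
  // A Secure cookie never travels over plain http, whatever SameSite says.
  if (/;\s*Secure\b/i.test(setCookie) && target.protocol !== 'https:') return false;
  const crossSite = siteOf(request.from) !== siteOf(request.to);
  if (!crossSite) return true;
  switch (parseSameSite(setCookie)) {
    case 'None':
      return true;
    case 'Strict':
      return false;
    default: {
      // Lax: a cross-site cookie rides along only on top-level navigations
      // with a safe method, so a cross-site POST form and a cross-site fetch
      // lose it, while following a plain link (or a GET form) keeps it.
      const safe = ['GET', 'HEAD', 'OPTIONS', 'TRACE'].includes(request.method.toUpperCase());
      return request.topLevel && safe;
    }
  }
}

// Constructed scenarios: a CSRF attempt from an attacker's page, a normal
// link to the site, and a cross-site fetch against its API.
const csrfPost = { from: 'https://evil.example', to: 'https://bank.example/transfer', method: 'POST', topLevel: true };
const followLink = { from: 'https://evil.example', to: 'https://bank.example/account', method: 'GET', topLevel: true };
const apiFetch = { from: 'https://evil.example', to: 'https://bank.example/api/balance', method: 'GET', topLevel: false };

for (const sameSite of ['Strict', 'Lax', 'None']) {
  const cookie = setCookieHeader('session', 'abc123', { sameSite });
  console.log(sameSite, {
    csrfPost: cookieSent(cookie, csrfPost),
    followLink: cookieSent(cookie, followLink),
    apiFetch: cookieSent(cookie, apiFetch),
  });
}
```

The table it prints is the one worth putting in the lecture: Strict withholds the cookie on all three cross-site requests, Lax withholds it on the POST form and the fetch but sends it on the link, and None sends it everywhere (which is why None is only usable with Secure and only makes sense for cookies that are meant to be read cross-site).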


3 participants