A couple additional emails and some hardening

Just made a release to testing.shmeppy.com. Nothing too interesting but hopefully I’m now sending out all the emails that users want.

  • Send email confirming unsubscription when user unsubscribes.
  • Send email confirming resubscription when user resubscribes.
  • Browsers will now always use HTTPS after accessing Shmeppy once, lowering the risk of man-in-the-middle attacks.
  • Harden Shmeppy slightly against cross-site scripting (added X-Content-Type-Options: nosniff).
  • Harden Shmeppy against click-jacking by preventing sites from embedding Shmeppy in iframes.

Surprisingly the most time-consuming change was sending emails upon resubscription! Had some technical debt in my way that I decided to pay back.

Happy Shmepping ya’ll!

1 Like

It is amazing to see that security is in the front of the development queue. As always, thank you for your hard work.

1 Like