openstack/openstack-ansible-os_keystone
Code Issues Proposed changes
0bc3b64915
openstack-ansible-os_keystone/vars
History
Matthew Thode 81a28142a0 Add security headers to web accessable services. 
Adds the following headers as static:

    X-Content-Type-Options "nosniff"
    X-XSS-Protection "1; mode=block"
    append Content-Security-Policy "default-src 'self' https: wss:;"

nosniff prevents non-executable mime times from becoming executable.
The X-XSS-Protection header will prevent the loading of a page if the
browser detects an xss attack.  The Content-Security-Policy declares
what dynamic resources are allowed to load.

Adds the following header as user-setable via the
keystone_x_frame_options variable.

    X-Frame-Options "DENY"

By default the X-Frame-Options header denies embedding in an iframe.

Change-Id: Iadd3e93bdb7e9d41ae1d027196367448dbce19f1
Partial-Bug: 1717321
2017-10-22 03:01:16 +00:00
..
main.yml Switch to using Nginx/uWSGI by default 2017-06-29 16:42:36 +00:00
redhat-7.yml Remove Developer Tools package group 2017-08-21 12:02:28 -05:00
suse-42.yml Add security headers to web accessable services. 2017-10-22 03:01:16 +00:00
ubuntu-16.04.yml Add security headers to web accessable services. 2017-10-22 03:01:16 +00:00