Merge "Nagios – API Handling – HTTP Security Headers Not Present"

2019-08-14 00:59:23 +00:00 · 2019-08-14 00:59:23 +00:00 · 20dafdaddb
commit 20dafdaddb
parent a381200e8c ac65a37b0b
1 changed files with 5 additions and 0 deletions
--- a/nagios/values.yaml
+++ b/nagios/values.yaml
@ -191,6 +191,11 @@ network:
        nginx.ingress.kubernetes.io/session-cookie-hash: sha1
        nginx.ingress.kubernetes.io/session-cookie-expires: "600"
        nginx.ingress.kubernetes.io/session-cookie-max-age: "600"
+        nginx.ingress.kubernetes.io/configuration-snippet: |
+          more_set_headers "X-Content-Type-Options: 'nosniff'";
+          more_set_headers "X-Frame-Options: SAMEORIGIN";
+          more_set_headers "Content-Security-Policy: script-src 'self'";
+          more_set_headers "X-XSS-Protection: 1; mode=block";
    node_port:
      enabled: false
      port: 30925