openstack/openstack-helm-infra
Code Issues Proposed changes

Pentest-NC1.0 Nova–Security HTTP Headers Not Present

Browse Source 
Added new HTTP Security header Content-Security-Policy:self to make
sure the browser does not allow any cross-site scripting attacks.

Added new HTTP Security header X-Permitted-Cross-Domain-Policies:none
To prevent web client to load data from the current domain.

Added new HTTP Security header X-XSS-Protection:1 mode=block to
sanitize the page, when a XSS attack is detected, the browser will
prevent rendering of the page.

Change-Id: Ief137738f4b793f49f3632e25339c6f49492fd80
This commit is contained in:
NarlaSandeepNarlaSaibaba 2019-06-27 13:25:54 -05:00
parent 8edc3b4286
commit 3f32f08319
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ingress/values.yaml
View File

@ -150,6 +150,8 @@ network:
nginx.ingress.kubernetes.io/configuration-snippet: |
more_set_headers "X-Content-Type-Options: nosniff";
more_set_headers "X-Frame-Options: deny";
more_set_headers "X-Permitted-Cross-Domain-Policies: none";
more_set_headers "Content-Security-Policy: script-src 'self'";
external_policy_local: false
dependencies: