Pentest - NC1.0 K8S – Security HTTP Headers Not Present – TCP 6443

The server should send an X-Content-Type-Options: nosniff to make sure
the browser does not try to detect a different Content-Type than what is
actually sent (can lead to XSS).

Additionally, the server should send an X-Frame-Options: deny to protect
against drag'n drop clickjacking attacks in older browsers.

Change-Id: I779c519cf75bbee23d3a8348291c0fd053e61e4e
Jagan Kavva 2019-01-16 15:12:01 -06:00
parent ded5de14fa
commit c49207819e
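A defender verifying this change would want to confirm, from the client side, that both headers actually arrive on a response with an acceptable value. The following check is an added example written for this page; it is not code from the commit or from the project. It parses a raw HTTP/1.x response header block (the sample responses are constructed, not captured from any cluster), looks up the two headers case-insensitively, and reports what is missing or set to an unexpected value, so the same function can be run against a response captured via the ingress hostname and one captured from the API server port directly.

```python
"""Check an HTTP response's header block for X-Content-Type-Options and X-Frame-Options.

Added example, not part of the original commit. The sample responses below
are constructed for illustration, not captured from any real cluster.
"""
from __future__ import annotations

# Header names are case-insensitive (RFC 7230). Values are compared
# case-insensitively as well, since browsers accept "DENY" and "deny" alike.
REQUIRED = {
    "x-content-type-options": {"nosniff"},
    "x-frame-options": {"deny", "sameorigin"},
}


def parse_headers(raw: str) -> dict[str, list[str]]:
    """Parse a raw HTTP/1.x response (status line + headers) into a map of
    lower-cased header name -> list of values. Parsing stops at the blank
    line that separates headers from the body."""
    headers: dict[str, list[str]] = {}
    lines = raw.replace("\r\n", "\n").split("\n")
    for line in lines[1:]:  # skip the status line
        if line == "":
            break
        name, sep, value = line.partition(":")
        if not sep:
            continue  # malformed header line; ignore it
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def check_security_headers(raw: str) -> list[str]:
    """Return a list of findings. An empty list means both headers are
    present exactly once with an acceptable value."""
    headers = parse_headers(raw)
    findings: list[str] = []
    for name, allowed in REQUIRED.items():
        values = headers.get(name)
        if not values:
            findings.append(f"missing {name}")
            continue
        if len(values) > 1:
            # Duplicate headers make browser behaviour implementation-defined.
            findings.append(f"duplicate {name}: {values}")
        for v in values:
            if v.lower() not in allowed:
                findings.append(f"unexpected {name} value: {v!r}")
    return findings


# Constructed sample responses (not real captures).
HARDENED = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: application/json\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-Frame-Options: deny\r\n"
    "\r\n"
    "{}"
)
BARE = "HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n\r\n{}"
WEAK = (
    "HTTP/1.1 200 OK\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-Frame-Options: ALLOWALL\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for label, resp in (("hardened", HARDENED), ("bare", BARE), ("weak", WEAK)):
        print(label, "->", check_security_headers(resp) or "ok")
```

Feeding it the output of an HTTPS client that prints the raw response head is enough; the check does not care whether the response came from the nginx ingress or from the API server itself, which is exactly what makes it useful for confirming where a header is and is not being set.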

@ -111,6 +111,9 @@ network:
# .deployment.cluster.class
kubernetes.io/ingress.class: null
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/configuration-snippet: |
more_set_headers "X-Content-Type-Options: nosniff";
more_set_headers "X-Frame-Options: deny";
external_policy_local: false
dependencies:
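Review bot: The finding in the title is against TCP 6443, but the `nginx.ingress.kubernetes.io/configuration-snippet` annotation added under `network:` only sets headers on responses that pass through the nginx ingress; a client reaching the API server port directly gets nothing from this change, so the commit message should state which endpoint it actually closes, or the finding should be re-verified against the ingress hostname rather than the port. A short comment next to the annotation explaining why the two `more_set_headers` lines exist would also help: `configuration-snippet` is a free-form value that a later merge of the same annotation replaces wholesale, and `more_set_headers` relies on the headers-more module that ingress-nginx bundles, so the lines are easy to lose silently when the chart is updated.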