From c49207819eb554ef6bf003b8feb2ce70590c0fc6 Mon Sep 17 00:00:00 2001
From: Jagan Kavva
Date: Wed, 16 Jan 2019 15:12:01 -0600
Subject: [PATCH] =?UTF-8?q?Pentest=20-=20NC1.0=20K8S=20=E2=80=93Security?= =?UTF-8?q?=20HTTP=20Headers=20Not=20Present=20=E2=80=93=20TCP=206443?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The server should send an X-Content-Type-Options: nosniff to make sure the browser does not try to detect a different Content-Type than what is actually sent (can lead to XSS). Additionally the server should send an X-Frame-Options: deny to protect against drag'n drop clickjacking attacks in older browsers.

Change-Id: I779c519cf75bbee23d3a8348291c0fd053e61e4e
---
 ingress/values.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ingress/values.yaml b/ingress/values.yaml
index de90cb773..daad5760b 100644
--- a/ingress/values.yaml
+++ b/ingress/values.yaml
@@ -111,6 +111,9 @@ network:
 # .deployment.cluster.class
 kubernetes.io/ingress.class: null
 nginx.ingress.kubernetes.io/proxy-body-size: "0"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ more_set_headers "X-Content-Type-Options: nosniff";
+ more_set_headers "X-Frame-Options: deny";
 external_policy_local: false
 dependencies:
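Review bot: The two headers are only attached to responses that pass through the Ingress object carrying these annotations, so whether this closes the finding depends on the TCP 6443 endpoint named in the subject actually being reached through this ingress; if the scanner hit the kube-apiserver directly, its response headers are not affected by the annotation. `more_set_headers` relies on the headers-more module bundled with the ingress-nginx controller, and the `configuration-snippet` annotation is gated by the controller's `allow-snippet-annotations` setting in newer releases, where it may be rejected or ignored, so a comment above the annotation such as `# requires snippet annotations to be allowed on the controller` would save a future operator a silent no-op. Consider adding `more_set_headers "Content-Security-Policy: frame-ancestors 'none'";` next to the `X-Frame-Options` line, since current browsers prefer the CSP directive for framing control while the legacy header still covers older ones. The `network` mapping this annotation block belongs to starts outside the hunk.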