internet/awx-operator
3
0
Fork 0
mirror of https://github.com/ansible/awx-operator.git synced 2026-04-22 08:41:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #887 from ansible/add-content-type-option-header-op

Browse Source 
Add the X-Content-Type-Options nosniff header
This commit is contained in:
Shane McDonald
2022-05-02 08:25:48 -04:00
committed by GitHub
parent 859384e9f6 fa705f6466
commit e6a473b765
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
roles/installer/templates/config.yaml.j2
View File

@@ -176,6 +176,8 @@ data:
# Protect against click-jacking https://www.owasp.org/index.php/Testing_for_Clickjacking_(OTG-CLIENT-009)
add_header X-Frame-Options "DENY";
# Protect against MIME content sniffing https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
add_header X-Content-Type-Options nosniff;
location /nginx_status {
stub_status on;
@@ -229,6 +231,7 @@ data:
add_header Strict-Transport-Security max-age=15768000;
# Protect against click-jacking https://www.owasp.org/index.php/Testing_for_Clickjacking_(OTG-CLIENT-009)
add_header X-Frame-Options "DENY";
add_header X-Content-Type-Options nosniff;
add_header Cache-Control "no-cache, no-store, must-revalidate";
add_header Expires "0";
add_header Pragma "no-cache";