Add several security related HTTP headers - security hardening.
Several HTTP headers that enhance security on client-side:
- Content Security Policy
- HTTP Strict Transport Security
- X-Content-Type-Options

All of these enable browser protections on client side and make exploitation of common web flaws harder.
Adding these should be considered security hardening.
fixes #7805 - Add several security related HTTP headers - security hardening.

This commit uses secure_headers gem and configures several HTTP
security related headers to be sent by server:
- Content Security Policy
- HTTP Strict Transport Security
All of these enable browser protections on client side and make
exploitation of common web flaws harder.
#1 Updated by Lukas Zapletal almost 6 years ago
- Category set to Security
Can you tell those all work with Foreman? I think we can't use all of them, because of noVNC, but some might be good indeed.
If you run your Foreman instance via Apache, then you can easily add them and report to us which of these have worked. Thanks!
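
An Apache-level trial of the three headers named in this issue, as an added example that is not part of the ticket, the comment above, or Foreman's own configuration. The host name and the policy string are constructed placeholders; the Content Security Policy is sent in report-only mode so that anything it would block (for example noVNC's WebSocket connection) shows up as a violation in the browser console instead of breaking the page.

```apache
# Requires mod_headers; place inside the HTTPS virtual host that serves Foreman.
# foreman.example.com is a placeholder host name.
<VirtualHost *:443>
    ServerName foreman.example.com

    <IfModule mod_headers.c>
        # HSTS: only meaningful on the TLS vhost. Start with a short max-age
        # (here one day) and raise it once HTTPS-only access is confirmed.
        Header always set Strict-Transport-Security "max-age=86400"

        # Stop browsers from MIME-sniffing responses away from the declared type.
        Header always set X-Content-Type-Options "nosniff"

        # Constructed starting policy, not Foreman's. Report-only: the browser
        # logs violations but still loads the resource. noVNC talks to the
        # console over WebSockets, so connect-src is the directive to watch.
        Header always set Content-Security-Policy-Report-Only "default-src 'self'; connect-src 'self' wss:; img-src 'self' data:"
    </IfModule>
</VirtualHost>
```

Once the browser console shows no violations during normal use, including opening a VM console, the header name can be changed to `Content-Security-Policy` to enforce the same policy.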