Project

General

Profile

Actions

Feature #7805

closed

Add several security related HTTP headers - security hardening.

Added by Jan Rusnacko about 10 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

Several HTTP headers that enhance security on client-side:

Content Security Policy
HTTP Strict Transport Security
X-XSS-Protection
X-Frame-Options
X-Content-Type-Options All of these enable browser protections on client side and make exploitation of common web flaws harder.

Adding these should be considered security hardening.


Related issues 3 (1 open2 closed)

Related to Foreman - Bug #7907: gravatars are now brokenClosed10/11/2014Actions
Related to Foreman - Bug #7985: Can not access server consoleClosedShlomi Zadok10/19/2014Actions
Related to Foreman - Bug #7018: SPICE libvirt websockets connections aren't encryptedNew08/11/2014Actions
Actions #1

Updated by Lukas Zapletal about 10 years ago

  • Category set to Security

Hello,

can you tell those all work with Foreman? I think we can't use all of them, because of noVNC, but some might be good indeed.

If you run your Foreman instance via Apache, then you can easily add them and report to us which of these have worked. Thanks!

Actions #2

Updated by Daniel Lobato Garcia about 10 years ago

  • Pull request https://github.com/theforeman/foreman/pull/1779 added
  • Pull request deleted ()
Actions #3

Updated by Dominic Cleal about 10 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Jan Rusnacko
  • Target version set to 1.7.2
Actions #4

Updated by Anonymous about 10 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions #5

Updated by Ohad Levy about 10 years ago

  • Related to Bug #7907: gravatars are now broken added
Actions #6

Updated by Daniel Lobato Garcia about 10 years ago

  • Translation missing: en.field_release set to 21
Actions #7

Updated by Dominic Cleal about 10 years ago

  • Related to Bug #7985: Can not access server console added
Actions #8

Updated by Dominic Cleal about 10 years ago

  • Related to Bug #7018: SPICE libvirt websockets connections aren't encrypted added
Actions

Also available in: Atom PDF