Feature #7805
closed
Add several security related HTTP headers - security hardening.
Added by Jan Rusnacko over 10 years ago.
Updated over 6 years ago.
Description
Several HTTP headers that enhance security on client-side:
- Content Security Policy
- HTTP Strict Transport Security
- X-XSS-Protection
- X-Frame-Options
- X-Content-Type-Options

All of these enable browser protections on client side and make exploitation of common web flaws harder.
Adding these should be considered security hardening.
Hello,
can you tell whether those all work with Foreman? I think we can't use all of them, because of noVNC, but some might be good indeed.
If you run your Foreman instance via Apache, then you can easily add them and report to us which of these have worked. Thanks!
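One way to report which of the five headers from the description a response actually carries, once they have been added in front of Foreman. This is an added example, not code from Foreman or from the pull request; the function names, the accepted header values and the sample response are assumptions constructed for illustration.

```python
import re

def parse_headers(raw):
    """Parse a raw HTTP response head into {lowercased name: value}."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # a blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def audit(raw):
    """Map each header from the issue to 'ok', 'missing' or 'weak: ...'."""
    h, out = parse_headers(raw), {}
    # A Report-Only policy logs violations but blocks nothing.
    if "content-security-policy" in h:
        out["Content-Security-Policy"] = "ok"
    elif "content-security-policy-report-only" in h:
        out["Content-Security-Policy"] = "weak: report-only, not enforced"
    else:
        out["Content-Security-Policy"] = "missing"
    # Protective values (assumed) for the rest; HSTS needs a positive max-age.
    expected = {
        "Strict-Transport-Security": r"(.*;\s*)?max-age=0*[1-9]\d*(\s*;.*)?",
        "X-XSS-Protection": r"1(\s*;.*)?",
        "X-Frame-Options": r"deny|sameorigin",
        "X-Content-Type-Options": r"nosniff",
    }
    for name, pattern in expected.items():
        value = h.get(name.lower())
        if value is None:
            out[name] = "missing"
        elif re.fullmatch(pattern, value, re.I):
            out[name] = "ok"
        else:
            out[name] = f"weak: unexpected value {value!r}"
    return out

# Constructed sample response, not captured from a real Foreman instance.
SAMPLE = """HTTP/1.1 200 OK
Strict-Transport-Security: max-age=0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy-Report-Only: default-src 'self'
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Feeding it the response head saved from a request to the login page and to a console page shows, per page, which headers arrived and which were sent with a value that gives no protection.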
- Pull request https://github.com/theforeman/foreman/pull/1779 added
- Pull request deleted ()
- Status changed from New to Ready For Testing
- Assignee set to Jan Rusnacko
- Target version set to 1.7.2
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
- Related to Bug #7907: gravatars are now broken added
- Translation missing: en.field_release set to 21
- Related to Bug #7985: Can not access server console added
- Related to Bug #7018: SPICE libvirt websockets connections aren't encrypted added