openstack-ansible-os_keystone/releasenotes/notes/add-security-headers-e46c205b42b9598b.yaml
Matthew Thode 81a28142a0 Add security headers to web accessible services.
Adds the following headers as static:

    X-Content-Type-Options "nosniff"
    X-XSS-Protection "1; mode=block"
    append Content-Security-Policy "default-src 'self' https: wss:;"

nosniff prevents non-executable MIME types from becoming executable.
The X-XSS-Protection header will prevent the loading of a page if the
browser detects an XSS attack.  The Content-Security-Policy declares
what dynamic resources are allowed to load.

Adds the following header as user-settable via the
keystone_x_frame_options variable.

    X-Frame-Options "DENY"

By default the X-Frame-Options header denies embedding in an iframe.

Change-Id: Iadd3e93bdb7e9d41ae1d027196367448dbce19f1
Partial-Bug: 1717321
2017-10-22 03:01:16 +00:00


---
security:
  - |
    The following headers were added as additional default (and static) values.
    `X-Content-Type-Options nosniff`, `X-XSS-Protection "1; mode=block"`, and
    `Content-Security-Policy "default-src 'self' https: wss:;"`. Additionally,
    the `X-Frame-Options DENY` header was added, defaulting to DENY. You may
    override the header via the `keystone_x_frame_options` variable.
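A deployment check for the header set this change introduces, written as an added example (not code from the os_keystone role): it parses a response's Content-Security-Policy into directives and flags any header that is missing or weaker than the values above. The sample header dictionaries are constructed for illustration, and accepting SAMEORIGIN as well as DENY reflects the operator-settable `keystone_x_frame_options` variable.

```python
"""Audit HTTP response headers against the static header set added to Keystone."""
from typing import Dict, List


def parse_csp(value: str) -> Dict[str, List[str]]:
    """Split a Content-Security-Policy string into {directive: [sources]}."""
    policy: Dict[str, List[str]] = {}
    for directive in value.split(";"):
        parts = directive.split()
        if parts:  # skip the empty entry left by a trailing ';'
            policy[parts[0].lower()] = parts[1:]
    return policy


def audit_headers(headers: Dict[str, str]) -> List[str]:
    """Return findings for headers that are absent or weaker than expected."""
    # Header names are case-insensitive, so normalise before lookup.
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings: List[str] = []
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options is not 'nosniff'")
    if h.get("x-xss-protection", "").replace(" ", "") != "1;mode=block":
        findings.append("X-XSS-Protection is not '1; mode=block'")
    # X-Frame-Options is operator-settable; DENY and SAMEORIGIN both stop
    # third-party framing, any other value (or no header) is a finding.
    if h.get("x-frame-options", "").upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("X-Frame-Options is missing or permits framing")
    default_src = parse_csp(h.get("content-security-policy", "")).get("default-src")
    if default_src is None:
        findings.append("Content-Security-Policy has no default-src directive")
    elif "'self'" not in default_src or "*" in default_src:
        findings.append("Content-Security-Policy default-src is too permissive")
    return findings


# Constructed sample responses: one matching the change, one weakened.
SAMPLE_OK = {
    "X-Content-Type-Options": "nosniff",
    "X-XSS-Protection": "1; mode=block",
    "Content-Security-Policy": "default-src 'self' https: wss:;",
    "X-Frame-Options": "DENY",
}
SAMPLE_WEAK = {
    "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": "default-src *;",
    "X-Frame-Options": "ALLOWALL",
}

if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("weak", SAMPLE_WEAK)):
        print(name, audit_headers(sample) or "no findings")
```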