[gimp-web/oscp] Add HSTS and other security headers
- From: Michael Schumacher <schumaml src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gimp-web/oscp] Add HSTS and other security headers
- Date: Fri, 27 Mar 2020 15:48:19 +0000 (UTC)
commit 8029438de1b90eb8c73c69ec66a3e14c9f26a149
Author: Michael Schumacher <schumaml gmx de>
Date: Fri Mar 27 16:48:04 2020 +0100
Add HSTS and other security headers
.../app_data/httpd-cfg/testing.gimp.org.conf | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
---
diff --git a/testing.gimp.org/app_data/httpd-cfg/testing.gimp.org.conf
b/testing.gimp.org/app_data/httpd-cfg/testing.gimp.org.conf
index b6c5716c..987d7d5b 100644
--- a/testing.gimp.org/app_data/httpd-cfg/testing.gimp.org.conf
+++ b/testing.gimp.org/app_data/httpd-cfg/testing.gimp.org.conf
@@ -5,6 +5,22 @@
ServerAdmin webmaster gimp org
DocumentRoot /opt/app-root/src/html
+ ##
+ # Headers relevant to security
+ ##
+
+ # Only connect to this site via HTTPS for the next year (recommended)
+ Header always set Strict-Transport-Security "max-age=31536000"
+
+ # Only allow my site to frame itself
+ Header always set X-Frame-Options "SAMEORIGIN"
+
+ # Block pages from loading when they detect reflected XSS attacks
+ Header always set X-XSS-Protection "1; mode=block"
+
+ # Prevent browsers from incorrectly detecting non-scripts as scripts
+ Header always set X-Content-Type-Options "nosniff"
+
# Disable unsafe inline/eval, only load resources from same origin
# except also allow OpenHub. Also disables the execution of plugins.
Header always set \
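Review bot: the X-XSS-Protection line (`Header always set X-XSS-Protection "1; mode=block"`) enables a legacy browser feature rather than a current defence: the XSS auditor it controls was removed from Chromium in 2019, Firefox never implemented it, and where the filter still exists it has itself been a source of information leaks. The Content-Security-Policy set in the lines that follow (no unsafe inline/eval, same-origin sources only) is the real reflected-XSS mitigation in this config, so suggest either dropping this header or setting it to `"0"` so no browser re-enables the filter, and adjusting the comment accordingly. On the Strict-Transport-Security line, `max-age=31536000` without `includeSubDomains` protects only this hostname; that is a reasonable default for testing.gimp.org, but the comment should say that subdomains are deliberately excluded so a later reader does not assume the stronger policy is in effect. Finally, all four `Header` directives require mod_headers; since the existing CSP line already uses `Header always set`, the module is presumably loaded, but it is worth confirming in the container image, because an unloaded module turns these lines into a startup failure rather than a silently missing header.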