diff options
| author | fett0 <fernando.gmaidana@gmail.com> | 2023-12-15 18:39:29 +0000 |
|---|---|---|
| committer | fett0 <fernando.gmaidana@gmail.com> | 2023-12-15 18:39:29 +0000 |
| commit | ad65d37ddf92ec8416c84707d7d41e63346b550c (patch) | |
| tree | 4a821f200041331f1e21a9495d24afcd7460fb63 | |
| parent | 605d183d01ff1ab16a8a02db6534ddaca69a4a52 (diff) | |
| download | vyos-1x-ad65d37ddf92ec8416c84707d7d41e63346b550c.tar.gz vyos-1x-ad65d37ddf92ec8416c84707d7d41e63346b550c.zip | |
T5796:add command http-security-headers
| -rw-r--r-- | data/templates/ocserv/ocserv_config.tmpl | 3 | ||||
| -rw-r--r-- | interface-definitions/vpn_openconnect.xml.in | 6 |
2 files changed, 8 insertions, 1 deletions
diff --git a/data/templates/ocserv/ocserv_config.tmpl b/data/templates/ocserv/ocserv_config.tmpl index ce03d9107..3a27eb755 100644 --- a/data/templates/ocserv/ocserv_config.tmpl +++ b/data/templates/ocserv/ocserv_config.tmpl @@ -85,7 +85,7 @@ route = {{ route }} {% endfor %} {% endif %} - +{% if http_security_headers is defined %} # HTTP security headers included-http-headers = Strict-Transport-Security: max-age=31536000 ; includeSubDomains included-http-headers = X-Frame-Options: deny @@ -100,3 +100,4 @@ included-http-headers = Cross-Origin-Resource-Policy: same-origin included-http-headers = X-XSS-Protection: 0 included-http-headers = Pragma: no-cache included-http-headers = Cache-control: no-store, no-cache +{% endif %} diff --git a/interface-definitions/vpn_openconnect.xml.in b/interface-definitions/vpn_openconnect.xml.in index 3f363a263..16d6f366e 100644 --- a/interface-definitions/vpn_openconnect.xml.in +++ b/interface-definitions/vpn_openconnect.xml.in @@ -106,6 +106,12 @@ </leafNode> </children> </node> + <leafNode name="http-security-headers"> + <properties> + <help>Enable HTTP security headers</help> + <valueless/> + </properties> + </leafNode> <node name="ssl"> <properties> <help>SSL Certificate, SSL Key and CA (/config/auth)</help> |