summaryrefslogtreecommitdiff
path: root/data
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2023-12-16 08:24:30 +0100
committerGitHub <noreply@github.com>2023-12-16 08:24:30 +0100
commite5fcf49f293ef25a2b2685a3ebd9ac9488946c3f (patch)
tree325c9c08a8de47a323de643aaf1c2c0b4e087bad /data
parentb149a386400c0f869654ac26b0fee2e7f1bbc282 (diff)
parentad65d37ddf92ec8416c84707d7d41e63346b550c (diff)
downloadvyos-1x-e5fcf49f293ef25a2b2685a3ebd9ac9488946c3f.tar.gz
vyos-1x-e5fcf49f293ef25a2b2685a3ebd9ac9488946c3f.zip
Merge pull request #2572 from fett0/T5796
T5796:backport-add/fixed OCSERV HTTP security headers
Diffstat (limited to 'data')
-rw-r--r--data/templates/ocserv/ocserv_config.tmpl17
1 files changed, 17 insertions, 0 deletions
diff --git a/data/templates/ocserv/ocserv_config.tmpl b/data/templates/ocserv/ocserv_config.tmpl
index 8a394f0ac..3a27eb755 100644
--- a/data/templates/ocserv/ocserv_config.tmpl
+++ b/data/templates/ocserv/ocserv_config.tmpl
@@ -84,3 +84,20 @@ route = {{ network_settings.push_route }}
route = {{ route }}
{% endfor %}
{% endif %}
+
+{% if http_security_headers is defined %}
+# HTTP security headers
+included-http-headers = Strict-Transport-Security: max-age=31536000 ; includeSubDomains
+included-http-headers = X-Frame-Options: deny
+included-http-headers = X-Content-Type-Options: nosniff
+included-http-headers = Content-Security-Policy: default-src ´none´
+included-http-headers = X-Permitted-Cross-Domain-Policies: none
+included-http-headers = Referrer-Policy: no-referrer
+included-http-headers = Clear-Site-Data: "cache","cookies","storage"
+included-http-headers = Cross-Origin-Embedder-Policy: require-corp
+included-http-headers = Cross-Origin-Opener-Policy: same-origin
+included-http-headers = Cross-Origin-Resource-Policy: same-origin
+included-http-headers = X-XSS-Protection: 0
+included-http-headers = Pragma: no-cache
+included-http-headers = Cache-control: no-store, no-cache
+{% endif %}