diff options
author | Christian Breunig <christian@breunig.cc> | 2023-12-16 08:24:30 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-12-16 08:24:30 +0100 |
commit | e5fcf49f293ef25a2b2685a3ebd9ac9488946c3f (patch) | |
tree | 325c9c08a8de47a323de643aaf1c2c0b4e087bad /data | |
parent | b149a386400c0f869654ac26b0fee2e7f1bbc282 (diff) | |
parent | ad65d37ddf92ec8416c84707d7d41e63346b550c (diff) | |
download | vyos-1x-e5fcf49f293ef25a2b2685a3ebd9ac9488946c3f.tar.gz vyos-1x-e5fcf49f293ef25a2b2685a3ebd9ac9488946c3f.zip |
Merge pull request #2572 from fett0/T5796
T5796:backport-add/fixed OCSERV HTTP security headers
Diffstat (limited to 'data')
-rw-r--r-- | data/templates/ocserv/ocserv_config.tmpl | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/data/templates/ocserv/ocserv_config.tmpl b/data/templates/ocserv/ocserv_config.tmpl index 8a394f0ac..3a27eb755 100644 --- a/data/templates/ocserv/ocserv_config.tmpl +++ b/data/templates/ocserv/ocserv_config.tmpl @@ -84,3 +84,20 @@ route = {{ network_settings.push_route }} route = {{ route }} {% endfor %} {% endif %} + +{% if http_security_headers is defined %} +# HTTP security headers +included-http-headers = Strict-Transport-Security: max-age=31536000 ; includeSubDomains +included-http-headers = X-Frame-Options: deny +included-http-headers = X-Content-Type-Options: nosniff +included-http-headers = Content-Security-Policy: default-src ´none´ +included-http-headers = X-Permitted-Cross-Domain-Policies: none +included-http-headers = Referrer-Policy: no-referrer +included-http-headers = Clear-Site-Data: "cache","cookies","storage" +included-http-headers = Cross-Origin-Embedder-Policy: require-corp +included-http-headers = Cross-Origin-Opener-Policy: same-origin +included-http-headers = Cross-Origin-Resource-Policy: same-origin +included-http-headers = X-XSS-Protection: 0 +included-http-headers = Pragma: no-cache +included-http-headers = Cache-control: no-store, no-cache +{% endif %} |