T5796:add/fixed OCSERV HTTP security headers

(cherry picked from commit db51546edd653d3637cb26d6957ce5222d44d395)
author: fett0 <fernando.gmaidana@gmail.com> 2023-12-02 12:11:56 +0000
committer: Mergify <37929162+mergify[bot]@users.noreply.github.com> 2023-12-02 17:33:26 +0000
commit: 8fbe7b60592e7a35be9016d54038a5ca89c2e92b (patch)
tree: c0e03562375387c5e8d28aceb8550447c53cae6e /data/templates/ocserv/ocserv_config.j2
parent: e0a6f8fa7ef186c77bd87c1a068bc365996e1195 (diff)
download: vyos-1x-8fbe7b60592e7a35be9016d54038a5ca89c2e92b.tar.gz
vyos-1x-8fbe7b60592e7a35be9016d54038a5ca89c2e92b.zip
1 files changed, 17 insertions, 1 deletions
diff --git a/data/templates/ocserv/ocserv_config.j2 b/data/templates/ocserv/ocserv_config.j2
index 1401b8b26..80ba357bc 100644
--- a/data/templates/ocserv/ocserv_config.j2
+++ b/data/templates/ocserv/ocserv_config.j2
@@ -119,4 +119,20 @@ split-dns = {{ tmp }}
 {%     for grp in authentication.group %}
 select-group = {{ grp }}
 {%     endfor %}
-{% endif %}
-\ No newline at end of file
+{% endif %}
+
+
+# HTTP security headers
+included-http-headers = Strict-Transport-Security: max-age=31536000 ; includeSubDomains
+included-http-headers = X-Frame-Options: deny
+included-http-headers = X-Content-Type-Options: nosniff
+included-http-headers = Content-Security-Policy: default-src ´none´
+included-http-headers = X-Permitted-Cross-Domain-Policies: none
+included-http-headers = Referrer-Policy: no-referrer
+included-http-headers = Clear-Site-Data: "cache","cookies","storage"
+included-http-headers = Cross-Origin-Embedder-Policy: require-corp
+included-http-headers = Cross-Origin-Opener-Policy: same-origin
+included-http-headers = Cross-Origin-Resource-Policy: same-origin
+included-http-headers = X-XSS-Protection: 0
+included-http-headers = Pragma: no-cache
+included-http-headers = Cache-control: no-store, no-cache
author	fett0 <fernando.gmaidana@gmail.com>	2023-12-02 12:11:56 +0000
committer	Mergify <37929162+mergify[bot]@users.noreply.github.com>	2023-12-02 17:33:26 +0000
commit	8fbe7b60592e7a35be9016d54038a5ca89c2e92b (patch)
tree	c0e03562375387c5e8d28aceb8550447c53cae6e /data/templates/ocserv/ocserv_config.j2
parent	e0a6f8fa7ef186c77bd87c1a068bc365996e1195 (diff)
download	vyos-1x-8fbe7b60592e7a35be9016d54038a5ca89c2e92b.tar.gz vyos-1x-8fbe7b60592e7a35be9016d54038a5ca89c2e92b.zip