summaryrefslogtreecommitdiff
path: root/data/templates/ocserv
diff options
context:
space:
mode:
authorfett0 <fernando.gmaidana@gmail.com>2023-12-15 18:39:29 +0000
committerMergify <37929162+mergify[bot]@users.noreply.github.com>2023-12-16 14:48:23 +0000
commit5a2952709380263d19995a8e5db1177f59a86095 (patch)
tree840925768a59213060be53a25b83acaf0f0ebf0d /data/templates/ocserv
parent9afd896937ba25dcbc03c6b217e08fcd80494c08 (diff)
downloadvyos-1x-5a2952709380263d19995a8e5db1177f59a86095.tar.gz
vyos-1x-5a2952709380263d19995a8e5db1177f59a86095.zip
ocserv: T5796: add CLI knob "http-security-headers"
OCserv manual recommended HTTP headers tobe included in the configuration. (cherry picked from commit ad65d37ddf92ec8416c84707d7d41e63346b550c) (cherry picked from commit 24f449cc099703df95646c719e9d3f308ed1a3f0)
Diffstat (limited to 'data/templates/ocserv')
-rw-r--r--data/templates/ocserv/ocserv_config.j25
1 files changed, 3 insertions, 2 deletions
diff --git a/data/templates/ocserv/ocserv_config.j2 b/data/templates/ocserv/ocserv_config.j2
index 80ba357bc..713ca7fd4 100644
--- a/data/templates/ocserv/ocserv_config.j2
+++ b/data/templates/ocserv/ocserv_config.j2
@@ -121,12 +121,12 @@ select-group = {{ grp }}
{% endfor %}
{% endif %}
-
+{% if http_security_headers is vyos_defined %}
# HTTP security headers
included-http-headers = Strict-Transport-Security: max-age=31536000 ; includeSubDomains
included-http-headers = X-Frame-Options: deny
included-http-headers = X-Content-Type-Options: nosniff
-included-http-headers = Content-Security-Policy: default-src ´none´
+included-http-headers = Content-Security-Policy: default-src 'none'
included-http-headers = X-Permitted-Cross-Domain-Policies: none
included-http-headers = Referrer-Policy: no-referrer
included-http-headers = Clear-Site-Data: "cache","cookies","storage"
@@ -136,3 +136,4 @@ included-http-headers = Cross-Origin-Resource-Policy: same-origin
included-http-headers = X-XSS-Protection: 0
included-http-headers = Pragma: no-cache
included-http-headers = Cache-control: no-store, no-cache
+{% endif %}