Add secure HTTP headers to all SO application responses to reduce exposure to browser and other HTTP-related vulnerabilities

Jason Ertel
2021-05-21 17:27:00 -04:00
parent 36d13dd414
commit 71032150c5


@@ -149,6 +149,12 @@ http {
root /opt/socore/html; root /opt/socore/html;
index index.html; index index.html;
add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; frame-ancestors 'self'";
add_header X-Frame-Options SAMEORIGIN;
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options nosniff;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
ssl_certificate "/etc/pki/nginx/server.crt"; ssl_certificate "/etc/pki/nginx/server.crt";
ssl_certificate_key "/etc/pki/nginx/server.key"; ssl_certificate_key "/etc/pki/nginx/server.key";
ssl_session_cache shared:SSL:1m; ssl_session_cache shared:SSL:1m;
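Review bot: The five new `add_header` lines omit the `always` parameter, so nginx attaches them only to a fixed set of success and redirect status codes, and 4xx/5xx error pages go out without the CSP, `X-Frame-Options`, `nosniff` and HSTS headers; append it to each, e.g. `add_header X-Content-Type-Options nosniff always;`. nginx also inherits `add_header` from an outer level only when the inner level defines none of its own, so any `location` that sets a header drops all five; the enclosing block starts and ends outside this hunk, so that has to be checked against the rest of the file. Separately, `default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:` still permits inline script, eval and any HTTPS origin, so the policy's real effect is limited to `frame-ancestors`; a comment such as `# permissive baseline: only frame-ancestors is restrictive, tighten script-src before relying on this for XSS` would keep it from being read as an XSS mitigation. The `includeSubDomains; preload` HSTS value with a one-year `max-age` is hard to roll back and presumably also reaches installs running on a self-generated `/etc/pki/nginx/server.crt`, where a pinned browser can no longer click through a certificate warning; that is worth confirming before shipping it as the default.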