Branch: refs/heads/master
Home:
https://github.com/tribe29/checkmk
Commit: 8124e67d6c2f42980a42d46b2d42a4af40640ff0
https://github.com/tribe29/checkmk/commit/8124e67d6c2f42980a42d46b2d42a4af4…
Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com>
Date: 2021-10-15 (Fri, 15 Oct 2021)
Changed paths:
A .werks/13194
M omd/packages/apache-omd/skel/etc/apache/conf.d/security.conf
Log Message:
-----------
13194 Add several security headers
This adds the following security headers:
LI:<tt>X-Frame-Options: sameorigin</tt> Only websites hosted on the same
domain are allowed to include CMK as a frame. The
<i>Content-Security-Policy</i> already constrains this.
LI:<tt>X-XSS-Protection: 1; mode=block</tt> Enables the browser built-in XSS
protection.
LI:<tt>X-Permitted-Cross-Domain-Policies: none</tt> We do not ship
cross-domain policies so we disable them with this header.
LI:<tt>Referrer-Policy: origin-when-cross-origin</tt> Only send the origin as
Referer to other sites.
CMK-8555
Change-Id: Ief897a26e74274b7ad97213999b1935f87a52ca7
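
An added example, not part of the commit or of Checkmk's code: a small auditor that checks a raw HTTP response head for the four headers this werk lists. The function names and the sample responses are constructed for illustration; the expected values are copied from the log message, and comparing them case-insensitively is an assumption of this example.

```python
# Expected values come from the commit message above.
EXPECTED = {
    "x-frame-options": "sameorigin",
    "x-xss-protection": "1; mode=block",
    "x-permitted-cross-domain-policies": "none",
    "referrer-policy": "origin-when-cross-origin",
}

def parse_headers(raw):
    """Return {lowercased name: [values]} from a raw HTTP response head."""
    headers = {}
    for line in raw.replace("\r\n", "\n").split("\n")[1:]:  # skip status line
        if not line.strip():
            break  # a blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:  # ignore malformed lines without a colon
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def normalize(value):
    return ";".join(p.strip() for p in value.lower().split(";"))  # ignore case/spacing

def audit(raw):
    """Return {header: problem} for each expected header that is missing,
    sent more than once, or carries a different value."""
    seen = parse_headers(raw)
    problems = {}
    for name, want in EXPECTED.items():
        values = seen.get(name, [])
        if not values:
            problems[name] = "missing"
        elif len(values) > 1:
            problems[name] = "sent %d times: %r" % (len(values), values)
        elif normalize(values[0]) != normalize(want):
            problems[name] = "got %r, expected %r" % (values[0], want)
    return problems

# Constructed sample responses (not captured from a real Checkmk site).
GOOD = ("HTTP/1.1 200 OK\r\n"
        "X-Frame-Options: sameorigin\r\n"
        "X-XSS-Protection: 1; mode=block\r\n"
        "X-Permitted-Cross-Domain-Policies: none\r\n"
        "Referrer-Policy: origin-when-cross-origin\r\n"
        "\r\n<html></html>")
BAD = ("HTTP/1.1 200 OK\r\n"
       "x-frame-options: SAMEORIGIN\r\n"
       "X-XSS-Protection: 0\r\n"
       "Referrer-Policy: origin-when-cross-origin\r\n"
       "Referrer-Policy: no-referrer\r\n\r\n")
if __name__ == "__main__": print(audit(BAD))
```

A duplicated header is reported separately from a wrong value because it usually means a second layer (a proxy or another config file) is also setting it.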