[gimp-web/oscp] docs.gimp.org: add noframe, no-xss and no-sniff security headers
- From: Michael Schumacher <schumaml src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gimp-web/oscp] docs.gimp.org: add noframe, no-xss and no-sniff security headers
- Date: Tue, 19 May 2020 17:40:06 +0000 (UTC)
commit 97130f2325da104c10e8b23e6209e5a743f7f9c3
Author: Michael Schumacher <schumaml gmx de>
Date: Tue May 19 19:39:19 2020 +0200
docs.gimp.org: add noframe, no-xss and no-sniff security headers
.../httpd/app_data/httpd-cfg/docs.gimp.org.conf | 19 ++++++++++++++++++-
1 file changed, 18 insertions(+), 1 deletion(-)
---
diff --git a/docs.gimp.org/httpd/app_data/httpd-cfg/docs.gimp.org.conf
b/docs.gimp.org/httpd/app_data/httpd-cfg/docs.gimp.org.conf
index 23b422ca..cdf08e37 100644
--- a/docs.gimp.org/httpd/app_data/httpd-cfg/docs.gimp.org.conf
+++ b/docs.gimp.org/httpd/app_data/httpd-cfg/docs.gimp.org.conf
@@ -5,7 +5,24 @@
ServerAdmin webmaster gimp org
DocumentRoot /docs_data/docs
- Header always unset Content-Security-Policy
+ Header always unset Content-Security-Policy
+
+ ##
+ # Headers relevant to security
+ ##
+
+ # Only connect to this site via HTTPS for the next year (recommended)
+ Header always set Strict-Transport-Security "max-age=31536000"
+
+ # Only allow my site to frame itself
+ Header always set X-Frame-Options "SAMEORIGIN"
+
+ # Block pages from loading when they detect reflected XSS attacks
+ Header always set X-XSS-Protection "1; mode=block"
+
+ # Prevent browsers from incorrectly detecting non-scripts as scripts
+ Header always set X-Content-Type-Options "nosniff"
+
</VirtualHost>
<Location />
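Review bot: the added `Header always set Strict-Transport-Security "max-age=31536000"` line is not covered by the commit subject, which names only the noframe, no-xss and no-sniff headers. HSTS is the one header here that browsers cache for a year, so it deserves its own mention in the message (or its own commit) in case it has to be rolled back. Two further points on the same hunk: `X-XSS-Protection "1; mode=block"` depends on a browser XSS filter that current Chrome and Edge have removed and Firefox never implemented, so it adds little protection; and since the hunk still carries `Header always unset Content-Security-Policy` at the top, a CSP with `frame-ancestors 'self'` would be the more durable replacement for both that header and X-Frame-Options, if the reason for unsetting CSP on this vhost can be addressed.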