81a28142a0
Adds the following headers as static:

    X-Content-Type-Options "nosniff"
    X-XSS-Protection "1; mode=block"
    append Content-Security-Policy "default-src 'self' https: wss:;"

nosniff prevents non-executable mime types from becoming executable. The X-XSS-Protection header will prevent the loading of a page if the browser detects an XSS attack. The Content-Security-Policy declares what dynamic resources are allowed to load.

Adds the following header as user-settable via the keystone_x_frame_options variable.

    X-Frame-Options "DENY"

By default the X-Frame-Options header denies embedding in an iframe.

Change-Id: Iadd3e93bdb7e9d41ae1d027196367448dbce19f1
Partial-Bug: 1717321

keystone-credential-rotate.sh.j2
keystone-fernet-rotate.sh.j2
keystone-httpd-mpm.conf.j2
keystone-httpd.conf.j2
keystone-ports.conf.j2
keystone-systemd-tempfiles.j2
keystone-uwsgi.ini.j2
keystone-uwsgi_systemd-init.j2
keystone.conf.j2
keystone.domain.conf.j2
keystone_nginx.conf.j2
shibboleth-attribute-map.xml.j2
shibboleth2.xml.j2