openstack-ansible

  1. Bug #1717321
  2. Comment #8

Comment 8 for bug 1717321

OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-ansible-os_keystone (master)

Reviewed: https://review.openstack.org/507189
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-os_keystone/commit/?id=81a28142a065e07f16756b1bc4cfb68a98e0a2e9
Submitter: Zuul
Branch: master

commit 81a28142a065e07f16756b1bc4cfb68a98e0a2e9
Author: Matthew Thode <email address hidden>
Date: Mon Sep 25 11:08:21 2017 -0500

    Add security headers to web accessable services.

    Adds the following headers as static:

        X-Content-Type-Options "nosniff"
        X-XSS-Protection "1; mode=block"
        append Content-Security-Policy "default-src 'self' https: wss:;"

    nosniff prevents non-executable mime times from becoming executable.
    The X-XSS-Protection header will prevent the loading of a page if the
    browser detects an xss attack. The Content-Security-Policy declares
    what dynamic resources are allowed to load.

    Adds the following header as user-setable via the
    keystone_x_frame_options variable.

        X-Frame-Options "DENY"

    By default the X-Frame-Options header denies embedding in an iframe.

    Change-Id: Iadd3e93bdb7e9d41ae1d027196367448dbce19f1
    Partial-Bug: 1717321