add CSP headers to Apache config (CO-2705)

docker · Oct 2, 2023 · ef71d19 · ef71d19
1 parent 3b4657d
commit ef71d19
Showing 3 changed files with 3 additions and 1 deletion.
diff --git a/comanage-match-base/apache-include-virtual-host-port443-base b/comanage-match-base/apache-include-virtual-host-port443-base
@@ -7,6 +7,7 @@ RedirectMatch ^/$ /match/
 LogLevel warn
 
 Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
+Header set Content-Security-Policy "frame-ancestors 'self';"
 
 SSLEngine on
 SSLProtocol all -SSLv2 -SSLv3

diff --git a/comanage-match-base/apache-include-virtual-host-port80-redirect b/comanage-match-base/apache-include-virtual-host-port80-redirect
@@ -1,5 +1,6 @@
 <VirtualHost *:80>
 ServerName http://${COMANAGE_MATCH_VIRTUAL_HOST_FQDN}:80
+Header set Content-Security-Policy "frame-ancestors 'self';"
 RewriteEngine On
 RewriteCond %{HTTPS} off
 RewriteRule ^ https://%{HTTP_HOST}:443%{REQUEST_URI} [R=302,L,QSA]

diff --git a/comanage-match-internet2-tap/Dockerfile b/comanage-match-internet2-tap/Dockerfile
@@ -141,7 +141,7 @@ EXPOSE 80 443
 # following line (to prevent other scripts from processing it).
 #####     ENV TIER_BEACON_OPT_OUT True
 
-ENV TIER_RELEASE=230929
+ENV TIER_RELEASE=231002
 ENV TIER_MAINTAINER=tier
 
 ENTRYPOINT ["docker-supervisord-entrypoint"]