From 7e3b04d5f9ac0c7c1c0ab1b0e19a2271706a323d Mon Sep 17 00:00:00 2001
From: Shayna Atkinson
Date: Mon, 2 Oct 2023 20:41:07 +0000
Subject: [PATCH] add CSP headers to Apache Config (CO-2705)

---
 comanage-registry-base/apache-include-virtual-host-port443-base | 1 +
 .../apache-include-virtual-host-port80-redirect | 1 +
 comanage-registry-internet2-tier/Dockerfile | 2 +-
 3 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/comanage-registry-base/apache-include-virtual-host-port443-base b/comanage-registry-base/apache-include-virtual-host-port443-base
index 999d08f..68650b1 100644
--- a/comanage-registry-base/apache-include-virtual-host-port443-base
+++ b/comanage-registry-base/apache-include-virtual-host-port443-base
@@ -7,6 +7,7 @@ RedirectMatch ^/$ /registry/
 LogLevel warn
 Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
+Header always set Content-Security-Policy "frame-ancestors 'self';"
 SSLEngine on
 SSLProtocol all -SSLv2 -SSLv3
diff --git a/comanage-registry-base/apache-include-virtual-host-port80-redirect b/comanage-registry-base/apache-include-virtual-host-port80-redirect
index 0e61457..f44c403 100644
--- a/comanage-registry-base/apache-include-virtual-host-port80-redirect
+++ b/comanage-registry-base/apache-include-virtual-host-port80-redirect
@@ -1,5 +1,6 @@
 ServerName http://${COMANAGE_REGISTRY_VIRTUAL_HOST_FQDN}:80
+Header set Content-Security-Policy "frame-ancestors 'self';"
 RewriteEngine On
 RewriteCond %{HTTPS} off
 RewriteRule ^ https://%{HTTP_HOST}:443%{REQUEST_URI} [R=302,L,QSA]
diff --git a/comanage-registry-internet2-tier/Dockerfile b/comanage-registry-internet2-tier/Dockerfile
index 7b1390f..ad13df4 100644
--- a/comanage-registry-internet2-tier/Dockerfile
+++ b/comanage-registry-internet2-tier/Dockerfile
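Review bot: The new `Header always set Content-Security-Policy` line in the port-443 include carries only a `frame-ancestors` directive, so despite the commit title it is a clickjacking control rather than a general content policy; a comment on the line above it would stop the next maintainer from assuming script or connect sources are restricted here, e.g. `# CSP limited to frame-ancestors (clickjacking); no default-src/script-src policy is set at this layer`. Clients that do not honour `frame-ancestors` still honour `X-Frame-Options`, so pairing the line with `Header always set X-Frame-Options "SAMEORIGIN"` gives the same protection with wider coverage. If the application behind this vhost emits its own Content-Security-Policy header, confirm how the two interact, since `set` replaces rather than merges a value in the table it operates on.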
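Review bot: The port-80 include uses `Header set` without `always`, unlike the port-443 include changed in the same commit; since every request to this vhost is answered with the 302 produced by the `RewriteRule` below it, a header placed only in the default onsuccess table is likely never emitted on that redirect, which would make the new line a no-op as written. Using the same form as the other file, `Header always set Content-Security-Policy "frame-ancestors 'self';"`, keeps the two includes consistent and lets the header travel on the redirect response. The `@@ -1,5 +1,6 @@` header suggests this hunk covers the whole file, so this is the only place the header is set for port 80.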
@@ -145,7 +145,7 @@ EXPOSE 80 443
 # following line (to prevent other scripts from processing it).
 #####
 ENV TIER_BEACON_OPT_OUT True
-ENV TIER_RELEASE=230929
+ENV TIER_RELEASE=231002
 ENV TIER_MAINTAINER=tier
 WORKDIR /srv/comanage-registry