Description
This PR introduces an after_request hook to register security headers for every HTTP response returned by PCM to improve the overall security posture.
Changes
A new Flask extension has been introduced to register an after request function that manipulates every Response object to add security headers.
In development mode CORS is enabled so headers follow suit.
How Has This Been Tested?
This has been tested manually in a local environment and in a cloud environment in my personal account.
PR Quality Checklist
[x] I added tests to new or existing code
[ ] I removed hardcoded strings and used our i18n solution instead (see here)
[x] I made sure no sensitive info gets logged at any time in the codebase (see here) (e.g. no user info or details, no stacktraces, etc.)
[ ] I checked that infrastructure/update_infrastructure.sh runs without any error
[x] I checked that npm run build builds without any error
[x] I checked that clusters are listed correctly
[x] I checked that a new cluster can be created (config is produced and dry run passes)
[x] I checked that login and logout work as expected
In order to increase the likelihood of your contribution being accepted, please make sure you have read both the Contributing Guidelines and the Project Guidelines.
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
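The pattern this PR describes, a Flask extension that registers an after_request function to set security headers on every response, sketched as an added example that is not the PR's code. The class name, header values, and the way the development policy differs (a `dev_origin` parameter that widens the CSP `connect-src`) are all assumptions; the PR only states that headers follow suit when CORS is enabled.

```python
"""Added example: every name here is hypothetical, not taken from PCM."""

# Baseline policy applied in production (values are illustrative assumptions).
BASE_HEADERS = {
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Referrer-Policy": "no-referrer",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
}


class SecurityHeaders:
    """Flask extension that stamps security headers on every response."""

    def __init__(self, app=None, dev_origin=None):
        # dev_origin: origin of the frontend dev server when CORS is on (assumed).
        self.dev_origin = dev_origin
        if app is not None:
            self.init_app(app)

    def init_app(self, app):
        # Flask calls after_request functions with the outgoing Response.
        app.after_request(self.apply)

    def policy(self):
        headers = dict(BASE_HEADERS)
        if self.dev_origin:
            # Development only: let pages talk to the cross-origin dev server.
            headers["Content-Security-Policy"] = (
                f"default-src 'self'; connect-src 'self' {self.dev_origin}; "
                "frame-ancestors 'none'"
            )
        return headers

    def apply(self, response):
        # Overwrite rather than setdefault so a view cannot weaken the policy.
        for name, value in self.policy().items():
            response.headers[name] = value
        return response


if __name__ == "__main__":
    from flask import Flask  # only needed for this demo

    app = Flask(__name__)
    SecurityHeaders(app)
    resp = app.test_client().get("/missing")  # 404s get the headers too
    print(resp.status_code, dict(resp.headers))
```

Requesting an unrouted path in the demo shows that error responses generated by Flask pass through the same hook, which is the property worth covering in a test for this kind of change.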