concourse / prod

bosh/terraform config for our deployments

set x-frame-options header on k8s ci responses #41

Closed jamieklassen closed 4 years ago

jamieklassen commented 4 years ago

use the 'extra environment variables' thing in the helm chart to avoid the empty string issue.

kcmannem commented 4 years ago

it works,

~/w/h/d/with-creds (master) $ curlie https://nci.concourse-ci.org/
HTTP/2 200
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block
content-type: text/html; charset=utf-8
content-length: 4081
date: Thu, 05 Dec 2019 16:53:09 GMT

notice how hush-house says deny because we didn't specify this flag

~/w/h/d/with-creds (master) $ curlie https://hush-house.pivotal.io
HTTP/2 200
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: deny
x-xss-protection: 1; mode=block
content-type: text/html; charset=utf-8
content-length: 4081
date: Thu, 05 Dec 2019 16:55:09 GMT
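
Added example, not part of the thread or of the concourse/prod repository: a check that classifies the framing policy of a captured response, run over the two header blocks quoted above. The function names `parse_headers` and `framing_policy` are hypothetical, and the handling of `Content-Security-Policy: frame-ancestors` goes beyond the single header the thread discusses.

```python
# Added example, not from the thread. Header blocks are the two responses quoted above.
NCI = """HTTP/2 200
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block
content-type: text/html; charset=utf-8
content-length: 4081
date: Thu, 05 Dec 2019 16:53:09 GMT
"""
HUSH_HOUSE = """HTTP/2 200
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: deny
x-xss-protection: 1; mode=block
content-type: text/html; charset=utf-8
content-length: 4081
date: Thu, 05 Dec 2019 16:55:09 GMT
"""

def parse_headers(raw):
    """Map lowercased header names to the list of values seen (hypothetical helper)."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # first line is the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def framing_policy(raw):
    """Return 'unrestricted', 'deny', 'sameorigin', 'conflict', 'ignored:<v>' or 'csp:<sources>'."""
    headers = parse_headers(raw)
    # CSP frame-ancestors, when present, is what supporting browsers enforce.
    for policy in headers.get("content-security-policy", []):
        for directive in policy.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                return "csp:" + " ".join(parts[1:])
    # X-Frame-Options may repeat or be comma-joined; compare case-insensitively.
    values = {v.strip().lower() for h in headers.get("x-frame-options", [])
              for v in h.split(",") if v.strip()}
    if not values:
        return "unrestricted"  # header absent or empty: any origin may frame the page
    if len(values) > 1:
        return "conflict"
    value = values.pop()
    # Only deny and sameorigin are honoured; allow-from is obsolete and ignored.
    return value if value in ("deny", "sameorigin") else "ignored:" + value

if __name__ == "__main__":
    for name, raw in (("nci", NCI), ("hush-house", HUSH_HOUSE)):
        print(name, framing_policy(raw))
```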