Closed CathalOConnorRH closed 3 years ago
@pb82 Would you be able to review this when you get a chance?
Motivation
Pen testing requires the HSTS header to be set.
What
Added Helmet, which enables the HSTS header
Why
Security risk without HSTS header
How
Added Helmet to set HSTS header
Verification Steps
Deploy operator from https://quay.io/repository/cathaloconnor/tutorial-web-app-operator?tab=tags and confirm solution explorer has HSTS strict header set.
Checklist:
Progress
Additional Notes
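The verification step above asks the reviewer to confirm the header is set. The following is an added example, not code from this pull request or from Helmet: a checker for a Strict-Transport-Security value that follows the parsing rules of RFC 6797. The function name `checkHsts` and the `minMaxAge` threshold are assumptions made for illustration.

```javascript
// Added example: checks a Strict-Transport-Security value against RFC 6797 section 6.1.
// minMaxAge is an assumed policy threshold, not a value taken from the pull request.
function checkHsts(headerValue, { minMaxAge = 15552000 } = {}) {
  const result = { valid: false, maxAge: null, includeSubDomains: false, problems: [] };
  const fail = (msg) => { result.problems.push(msg); return result; };
  if (typeof headerValue !== 'string' || headerValue.trim() === '') {
    return fail('header missing');
  }
  const seen = new Set();
  for (const raw of headerValue.split(';')) {
    const part = raw.trim();
    if (part === '') continue; // the grammar allows empty directives
    const eq = part.indexOf('=');
    const name = (eq === -1 ? part : part.slice(0, eq)).trim().toLowerCase();
    let value = eq === -1 ? null : part.slice(eq + 1).trim();
    if (value !== null && /^".*"$/.test(value)) value = value.slice(1, -1); // quoted-string
    // A directive may appear only once; otherwise browsers ignore the whole header.
    if (seen.has(name)) return fail(`duplicate directive: ${name}`);
    seen.add(name);
    if (name === 'max-age') {
      if (value === null || !/^\d+$/.test(value)) return fail('max-age must be a non-negative integer');
      result.maxAge = Number(value);
    } else if (name === 'includesubdomains') {
      if (value !== null) return fail('includeSubDomains takes no value');
      result.includeSubDomains = true;
    }
    // Other directives (for example preload) are ignored, as the RFC requires.
  }
  if (result.maxAge === null) return fail('max-age directive is required');
  result.valid = true; // a browser would accept this header
  if (result.maxAge === 0) {
    result.problems.push('max-age=0 tells the browser to forget HSTS for this host');
  } else if (result.maxAge < minMaxAge) {
    result.problems.push(`max-age is below the ${minMaxAge}s policy threshold`);
  }
  return result;
}

// Constructed sample values, not captured from the deployed solution explorer.
for (const sample of ['max-age=15552000; includeSubDomains', 'max-age=0', 'includeSubDomains']) {
  console.log(JSON.stringify(sample), checkHsts(sample));
}
```

Feed it the `strict-transport-security` value from a response fetched over HTTPS; browsers ignore the header when it arrives over plain HTTP, so a check against an `http://` URL proves nothing.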