integr8ly / tutorial-web-app

Solution Explorer provides the front door into the Integreatly initiative. It hosts the various Solution Patterns, as well as providing a dashboard of installed applications/products/services.
Apache License 2.0

INTLY-9766 Enable HSTS header #618

Closed CathalOConnorRH closed 3 years ago

CathalOConnorRH commented 3 years ago

Motivation

Pen testing requires the HSTS header to be set.

What

Added Helmet, which enables the HSTS header

Why

Security risk without HSTS header

How

Added Helmet to set HSTS header

Verification Steps

Deploy operator from https://quay.io/repository/cathaloconnor/tutorial-web-app-operator?tab=tags and confirm solution explorer has HSTS strict header set.

Checklist:

Progress

Additional Notes

CathalOConnorRH commented 3 years ago

@pb82 Would you be able to review this when you get a chance?
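
One way to automate the verification step in the pull request description, as an added example that is not part of the pull request or the project's code: it parses a `Strict-Transport-Security` value according to RFC 6797 and checks it against a minimum lifetime. The function names, the `MIN_MAX_AGE` threshold and the sample headers are assumptions made for illustration.

```javascript
// Added example: parse and check a Strict-Transport-Security value (RFC 6797, section 6.1).
// MIN_MAX_AGE is an assumed policy threshold, not a value taken from the pull request.
const MIN_MAX_AGE = 15552000; // 180 days, in seconds

function parseHsts(value) {
  const seen = new Set();
  const policy = { maxAge: null, includeSubDomains: false };
  for (const raw of String(value).split(';')) {
    const part = raw.trim();
    if (part === '') continue;                 // empty directives are permitted
    const eq = part.indexOf('=');
    const name = (eq === -1 ? part : part.slice(0, eq)).trim().toLowerCase();
    let arg = eq === -1 ? null : part.slice(eq + 1).trim();
    if (seen.has(name)) return null;           // a repeated directive makes the header invalid
    seen.add(name);
    if (arg !== null && /^".*"$/.test(arg)) arg = arg.slice(1, -1); // quoted-string form
    if (name === 'max-age') {
      if (arg === null || !/^\d+$/.test(arg)) return null;
      policy.maxAge = Number(arg);
    } else if (name === 'includesubdomains') {
      if (arg !== null) return null;           // valueless directive
      policy.includeSubDomains = true;
    }
    // any other directive is ignored, as the RFC requires of user agents
  }
  return policy.maxAge === null ? null : policy; // max-age is the one required directive
}

function checkHsts(headers) {
  // headers: object keyed by lower-cased names, the shape Node's http module exposes
  const value = headers['strict-transport-security'];
  if (value === undefined) return { ok: false, reason: 'header missing' };
  const policy = parseHsts(value);
  if (policy === null) return { ok: false, reason: 'header malformed' };
  if (policy.maxAge === 0) return { ok: false, reason: 'max-age=0 removes the HSTS policy' };
  if (policy.maxAge < MIN_MAX_AGE) return { ok: false, reason: 'max-age below threshold' };
  return { ok: true, reason: 'ok', policy };
}

// Constructed sample response headers (not captured from a real deployment)
const samples = [
  { 'strict-transport-security': 'max-age=15552000; includeSubDomains' },
  { 'strict-transport-security': 'max-age=0' },
  { 'content-type': 'text/html' },
];
for (const h of samples) console.log(checkHsts(h).reason);
```

Browsers only honour this header when it arrives over HTTPS, so the check is meaningful only against the route's TLS endpoint.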