mrparkers
commented
3 years ago Hey @burkhat, this should be available via the security_defenses argument: https://registry.terraform.io/providers/mrparkers/keycloak/latest/docs/resources/realm#security-defenses. Let me know if you're looking for something else and we can re-open this issue.
Hello together,
since Keycloak 12.x it is necessary to set the referrer-policy in the BrowserSecurityHeaders of a REALM. At the moment it is only possible to set it via the REST-API, see https://issues.redhat.com/browse/KEYCLOAK-17306?_sscc=t
It would be very helpful if it is possible to expand the terraform REALM modul that this policy can be set via terraform.
type BrowserSecurityHeaders struct { ContentSecurityPolicy string
json:"contentSecurityPolicy"ContentSecurityPolicyReportOnly stringjson:"contentSecurityPolicyReportOnly"StrictTransportSecurity stringjson:"strictTransportSecurity"XContentTypeOptions stringjson:"xContentTypeOptions"XFrameOptions stringjson:"xFrameOptions"XRobotsTag stringjson:"xRobotsTag"XXSSProtection stringjson:"xXSSProtection"}Regards Tobias