Closed kstych closed 2 years ago
This can be an issue for security?
Yes, but only cluster admins or namespace admins would have access to this router deployment object, right? So as long as they do not inject something malicious they do not understand, then this should be fine for the threat model.
Hi,
Some annotations, e.g.
router.deis.io/nginx.gzip.disable
are not constrained, and so it is possible to inject any custom configuration. Sample:
router.deis.io/nginx.gzip.disable: msie6 ; server_tokens off
This can be an issue for security?
Thank you
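An added example, not part of the original issue or of the Deis router code: a Go check that flags `router.deis.io/nginx.*` annotation values that could not be rendered as the argument of a single nginx directive, such as the sample in the post above. The character allow-list and the names `checkValue` and `Audit` are assumptions of this example.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Prefix of the router annotations discussed in the issue.
const nginxPrefix = "router.deis.io/nginx."

// checkValue returns "" when v is safe to place after a directive name, or the
// reason it is not. Allow-list (assumed for this example): ASCII letters,
// digits, space and . _ - / : so that ';', braces, quotes, '#', '$' and line
// breaks, which end or restructure an nginx directive, are all rejected.
func checkValue(v string) string {
	if strings.TrimSpace(v) == "" {
		return "empty value"
	}
	for _, r := range v {
		switch {
		case r >= 'a' && r <= 'z', r >= 'A' && r <= 'Z', r >= '0' && r <= '9':
		case strings.ContainsRune(" ._-/:", r):
		default:
			return fmt.Sprintf("disallowed character %q", r)
		}
	}
	return ""
}

// Audit returns sorted findings for every nginx annotation whose value fails
// checkValue. Keys outside the nginx prefix are ignored.
func Audit(annotations map[string]string) []string {
	var findings []string
	for k, v := range annotations {
		if !strings.HasPrefix(k, nginxPrefix) {
			continue
		}
		if reason := checkValue(v); reason != "" {
			findings = append(findings, k+": "+reason)
		}
	}
	sort.Strings(findings)
	return findings
}

func main() {
	// Constructed sample: the annotation value quoted in the issue plus a label-like key.
	sample := map[string]string{
		"router.deis.io/nginx.gzip.disable": "msie6 ; server_tokens off",
		"app":                               "deis-router",
	}
	for _, f := range Audit(sample) {
		fmt.Println(f)
	}
}
```

A check like this fits wherever annotations are read before the nginx configuration is templated, or as an audit run over existing router deployment objects.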