view modules/website/templates/https_core_conf.erb @ 236:4519b727cc4c puppet-3.6

Make Content-Security-Policy cleaner and easier to set
author IBBoard <dev@ibboard.co.uk>
date Wed, 18 Dec 2019 21:22:50 +0000
parents c72d2b5f9be2
children 5a903aa91469

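# Security response headers for the HTTPS site.
#
# Every header below uses the "always" condition. Without it, mod_headers only
# adds the header to successful responses, so error pages and redirects that
# Apache generates itself (including the canonical-host 301 in this file) would
# go out without nosniff / frame protection.
# NOTE(review): if a proxied or CGI backend also emits any of these headers,
# check the final response for duplicates, since backend headers and "always"
# headers live in separate tables.

# HSTS: 16070400 seconds is 186 days; includeSubDomains extends the policy to
# every subdomain of the host that serves this header.
Header always set Strict-Transport-Security "max-age=16070400; includeSubDomains"

# The enforced policy always upgrades insecure sub-resource requests and then
# appends the site-specific directives from @csp_string.
# The value is interpolated verbatim inside a double-quoted directive argument,
# so a double quote or newline in it would break out of the header value.
# NOTE(review): presumably both CSP strings are built in the manifest from
# trusted data only - confirm.
Header always set Content-Security-Policy "upgrade-insecure-requests; <%= @csp_string %>"

# Report-only policy: violations are reported but nothing is blocked.
# NOTE(review): an empty @csp_report_string renders an empty header - confirm
# the manifest always supplies a value or that this is acceptable.
Header always set Content-Security-Policy-Report-Only "<%= @csp_report_string %>"

# Legacy XSS-auditor header; current browsers largely ignore it, so the CSP
# above is the real control. Kept with its original value for older clients.
Header always set X-Xss-Protection "1; mode=block"

# Stop browsers from MIME-sniffing a response into a different content type.
Header always set X-Content-Type-Options "nosniff"

# Allow framing by same-origin pages only (clickjacking defence).
Header always set X-Frame-Options "SAMEORIGIN"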

# Canonical-host redirect: a request whose Host header is not exactly the
# primary name (the "!=" prefix is a negated string-equality test, not a regex)
# is answered with a permanent 301 to the same path on the primary name.
# The redirect target host comes from the template variable, never from the
# request, so a forged Host header cannot steer where the client is sent.
# NOTE(review): relies on RewriteEngine being switched on by the including
# config, and on virtual-host context where the matched path begins with "/"
# (in per-directory context the leading slash is stripped) - confirm.
RewriteCond %{HTTP_HOST} !=<%= @primary_name %>
RewriteRule ^(.*)$ https://<%= @primary_name %>$1 [R=301,L]