Mercurial > repos > other > Puppet
view modules/website/templates/https_core_conf.erb @ 236:4519b727cc4c puppet-3.6
Make Content-Security-Policy cleaner and easier to set
author | IBBoard <dev@ibboard.co.uk> |
---|---|
date | Wed, 18 Dec 2019 21:22:50 +0000 |
parents | c72d2b5f9be2 |
children | 5a903aa91469 |
line wrap: on
line source
Header always set Strict-Transport-Security "max-age=16070400; includeSubDomains" Header always set Content-Security-Policy "upgrade-insecure-requests; <%= @csp_string %>" Header always set Content-Security-Policy-Report-Only "<%= @csp_report_string %>" Header set X-Xss-Protection "1; mode=block" Header set X-Content-Type-Options "nosniff" Header set X-Frame-Options "SAMEORIGIN" RewriteCond %{HTTP_HOST} !=<%= @primary_name %> RewriteRule ^(.*)$ https://<%= @primary_name %>$1 [R=301,L]