changeset 111:501afb45ffc7 puppet-3.6

Make sure that HTTPS redirects have the full set of headers
author IBBoard <dev@ibboard.co.uk>
date Sat, 04 Jun 2016 14:05:14 +0100
parents be2b30b17a4c
children 5967c1b18860
files modules/website/manifests/https/redir.pp
diffstat 1 files changed, 6 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/modules/website/manifests/https/redir.pp	Tue May 31 22:02:15 2016 +0100
+++ b/modules/website/manifests/https/redir.pp	Sat Jun 04 14:05:14 2016 +0100
@@ -89,6 +89,11 @@
     $group = $docroot_group
   }
 
+  $custom_conf = 'Header always set Strict-Transport-Security "max-age=16070400; includeSubDomains"
+Header always set X-Xss-Protection "1; mode=block"
+Header always set X-Content-Type-Options "nosniff"
+Header always set X-Frame-Options "SAMEORIGIN"'
+
   apache::vhost { $name:
     ip              => $ip,
     port            => '443',
@@ -97,7 +102,7 @@
     docroot_group   => $group,
     redirect_status => 'permanent',
     redirect_dest   => $redir,
-    custom_fragment => 'Header always set Strict-Transport-Security "max-age=16070400; includeSubDomains"',
+    custom_fragment => $custom_conf,
     logroot         => '/var/log/apache/',
     access_log_file => "access_${logpart}${log_extra}.log",
     error_log_file  => "error_${logpart}${log_extra}.log",