feat(ingress): Hardening security headers

Signed-off-by: rjshrjndrn <rjshrjndrn@gmail.com>
2023-09-19 18:26:52 +02:00 · 2023-09-19 18:26:52 +02:00 · 45f28ec33b
commit 45f28ec33b
parent 644da8999a
1 changed files with 6 additions and 0 deletions
--- a/scripts/helmcharts/vars.yaml
+++ b/scripts/helmcharts/vars.yaml
@ -72,6 +72,12 @@ ingress-nginx: &ingress-nginx
  # -- For backwards compatibility with ingress.class annotation, use ingressClass.
  # Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation
    ingressClass: openreplay
+    addHeaders:
+      # Enable only if you know what you're doing!!!
+      # X-Frame-Options: "DENY"
+      X-XSS-Protection: "1; mode=block"
+      X-Content-Type-Options: "nosniff"
+      Referrer-Policy: "same-origin"
    service:
      externalTrafficPolicy: "Local"
      ports: