From 45f28ec33b28b5c45cc268e39bf174b8cd2d7c87 Mon Sep 17 00:00:00 2001
From: rjshrjndrn <rjshrjndrn@gmail.com>
Date: Tue, 19 Sep 2023 18:26:52 +0200
Subject: [PATCH] feat(ingress): Hardening security headers

Signed-off-by: rjshrjndrn <rjshrjndrn@gmail.com>
---
 scripts/helmcharts/vars.yaml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/scripts/helmcharts/vars.yaml b/scripts/helmcharts/vars.yaml
index 4b3a16962..66b4078e4 100644
--- a/scripts/helmcharts/vars.yaml
+++ b/scripts/helmcharts/vars.yaml
@@ -72,6 +72,12 @@ ingress-nginx: &ingress-nginx
   # -- For backwards compatibility with ingress.class annotation, use ingressClass.
   # Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation
     ingressClass: openreplay
+    addHeaders:
+      # Enable only if you know what you're doing!!!
+      # X-Frame-Options: "DENY"
+      X-XSS-Protection: "1; mode=block"
+      X-Content-Type-Options: "nosniff"
+      Referrer-Policy: "same-origin"
     service:
       externalTrafficPolicy: "Local"
       ports: