spd - add headers
authorPhilipp Dallig <philipp.dallig@pixelpark.com>
Tue, 19 Jan 2016 10:36:44 +0000 (11:36 +0100)
committerPhilipp Dallig <philipp.dallig@pixelpark.com>
Tue, 19 Jan 2016 10:36:44 +0000 (11:36 +0100)
customer/spd/development.yaml

index 411fd08c5026abf130f15ea3f724214192264852..b9d0474b1e2ae4584ad94e4e2ff11a240ea76378 100644 (file)
@@ -24,6 +24,14 @@ site::profile::typo3::projects:
     ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
     ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem'
     ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
+    headers:
+      - 'set X-Frame-Options: sameorigin'
+      - 'set X-XSS-Protection: "1; mode=block"'
+      - 'set X-Content-Type-Options: nosniff'
+      - "set Content-Security-Policy: \"default-src 'self'; font-src 'self' fonts.gstatic.com; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' api.spendino.de storify.com; frame-src w.soundcloud.com player.vimeo.com www.youtube.com api.spendino.de storify.com; frame-ancestors 'self'\""
+      - "set X-Content-Security-Policy: \"default-src 'self'; font-src 'self' fonts.gstatic.com; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' api.spendino.de storify.com; frame-src w.soundcloud.com player.vimeo.com www.youtube.com api.spendino.de storify.com; frame-ancestors 'self'\""
+    headers_ssl:
+      - 'always set Strict-Transport-Security "max-age=31556926"'
     directories:
       - location1:
         provider: location
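Review bot: The `script-src` in the new Content-Security-Policy entry allows both `'unsafe-inline'` and `'unsafe-eval'`, so the policy will not stop injected inline script and adds little XSS protection beyond the host allow-lists for fonts and frames. If the site needs them for now, a comment above the entry such as `# TODO: drop 'unsafe-inline'/'unsafe-eval' from script-src once inline scripts are moved to files or nonces` would record that this is meant to be temporary. The entries under `headers` use plain `set` while `headers_ssl` uses `always set`; assuming these strings end up as Apache `Header` directives, the plain form is not applied to error responses, so `- 'always set X-Frame-Options: sameorigin'` (and likewise for the other entries) would cover those too. The same policy string is repeated in the legacy `X-Content-Security-Policy` entry and has to be kept in sync by hand. The enclosing project mapping starts above the hunk, so which vhost these headers apply to is not visible here.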