From: Bastian Gutschke Date: Wed, 19 Jul 2017 14:35:49 +0000 (+0200) Subject: bkkvbu: disable X-XSS-Protection (set via application) X-Git-Tag: v0.1.0~2666^2~88^2~4^2 X-Git-Url: https://git.uhu-banane.de/?a=commitdiff_plain;h=60b239e2d76e53d8c59b77c48e1f370bfdaa0c19;p=pixelpark%2Fhiera.git bkkvbu: disable X-XSS-Protection (set via application) --- diff --git a/customer/bkk-vbu/dev-web01-meine-krankenkasse-de.pixelpark.net.yaml b/customer/bkk-vbu/dev-web01-meine-krankenkasse-de.pixelpark.net.yaml index 2131bd36..ea097d49 100644 --- a/customer/bkk-vbu/dev-web01-meine-krankenkasse-de.pixelpark.net.yaml +++ b/customer/bkk-vbu/dev-web01-meine-krankenkasse-de.pixelpark.net.yaml @@ -43,7 +43,8 @@ infra::profile::apache::pp_vhosts: headers: - 'always unset "X-Powered-By"' - 'set X-Content-Type-Options: nosniff' - - 'set X-XSS-Protection: "1; mode=block"' + # X-XSS-Protection set by helmetjs (https://helmetjs.github.io/) + # - 'set X-XSS-Protection: "1; mode=block"' - 'set X-Frame-Options: "ALLOW-FROM https://dev-cms01-meine-krankenkasse-de.pixelpark.net"' - "set Content-Security-Policy: \"default-src 'self'; img-src 'self' webstats.pixelpark.com bkk-vorteilsrechner.de s.ytimg.com f.vimeocdn.com data:; font-src 'self' bkk-vorteilsrechner.de; style-src 'self' 'unsafe-inline' bkk-vorteilsrechner.de s.ytimg.com f.vimeocdn.com; script-src 'self' 'unsafe-inline' webstats.pixelpark.com bkk-vorteilsrechner.de s.ytimg.com f.vimeocdn.com; child-src 'self' bkk-vorteilsrechner.de www.youtube-nocookie.com player.vimeo.com; frame-ancestors 'self'\"" - "set X-Content-Security-Policy: \"default-src 'self'; img-src 'self' webstats.pixelpark.com bkk-vorteilsrechner.de s.ytimg.com f.vimeocdn.com data:; font-src 'self' bkk-vorteilsrechner.de; style-src 'self' 'unsafe-inline' bkk-vorteilsrechner.de s.ytimg.com f.vimeocdn.com; script-src 'self' 'unsafe-inline' webstats.pixelpark.com bkk-vorteilsrechner.de s.ytimg.com f.vimeocdn.com; child-src 'self' bkk-vorteilsrechner.de www.youtube-nocookie.com player.vimeo.com; frame-ancestors 'self'\""