From ceeca742eaacce1fff9894a345a69a431f9efbfd Mon Sep 17 00:00:00 2001
From: Andreas Gerstenberg <gerstenberg@pixelpark.com>
Date: Tue, 19 Sep 2017 15:05:03 +0200
Subject: [PATCH] spk-spar-checker remove /api and add header

---
 customer/spk-spar-checker/production.yaml | 5 +++--
 customer/spk-spar-checker/test.yaml       | 5 +++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/customer/spk-spar-checker/production.yaml b/customer/spk-spar-checker/production.yaml
index 5550c705..884f0214 100644
--- a/customer/spk-spar-checker/production.yaml
+++ b/customer/spk-spar-checker/production.yaml
@@ -40,6 +40,7 @@ infra::profile::apache::pp_vhosts:
       - 'always set X-XSS-Protection "1; mode=block"'
       - 'always set X-Frame-Options "SAMEORIGIN"'
       - 'always set X-Content-Type-Options "nosniff"'
+      - 'always set Strict-Transport-Security: "max-age=15768001"'
 #      - "set Content-Security-Policy \"default-src 'self' 'unsafe-eval' 'unsafe-inline' ; style-src 'self' https://webfonts.sparkasse.de 'unsafe-inline' ; font-src 'self' data: https://webfonts.sparkasse.de ; img-src 'self' data: ;\""
     aliases:
       - { alias: /api , path: /var/www/spar-checker/sparchecker-backend/public/api }
@@ -72,8 +73,8 @@ infra::profile::apache::pp_vhosts:
         auth_digest_algorithm: MD5
         auth_user_file: '/etc/httpd/htdigest'
         auth_require: 'valid-user'
-      - provider: location
-        path: '/api'
+#      - provider: location
+#        path: '/api'
       - provider: location
         path: '/sfp'
         auth_type: Digest
diff --git a/customer/spk-spar-checker/test.yaml b/customer/spk-spar-checker/test.yaml
index af2c8b49..d8f9e221 100644
--- a/customer/spk-spar-checker/test.yaml
+++ b/customer/spk-spar-checker/test.yaml
@@ -38,6 +38,7 @@ infra::profile::apache::pp_vhosts:
       - 'always set X-XSS-Protection "1; mode=block"'
       - 'always set X-Frame-Options "SAMEORIGIN"'
       - 'always set X-Content-Type-Options "nosniff"'
+      - 'always set Strict-Transport-Security: "max-age=15768001"'
 #      - "set Content-Security-Policy \"default-src 'self' 'unsafe-eval' 'unsafe-inline' ; style-src 'self' https://webfonts.sparkasse.de 'unsafe-inline' ; font-src 'self' data: https://webfonts.sparkasse.de ; img-src 'self' data: ;\""
     aliases:
       - { alias: /api , path: /var/www/spar-checker/sparchecker-backend/public/api }
@@ -70,8 +71,8 @@ infra::profile::apache::pp_vhosts:
         auth_digest_algorithm: MD5
         auth_user_file: '/etc/httpd/htdigest'
         auth_require: 'valid-user'
-      - provider: location
-        path: '/api'
+#      - provider: location
+#        path: '/api'
       - provider: location
         path: '/sfp'
         auth_type: Digest
-- 
2.39.5