fix: fix security headers and remote resources

SocialGouv · Sep 13, 2023 · 2840b6b · 2840b6b
1 parent 35bda83
commit 2840b6b
Show file tree

Hide file tree

Showing 4 changed files with 649 additions and 451 deletions.
diff --git a/.kontinuous/values.yaml b/.kontinuous/values.yaml
@@ -2,7 +2,15 @@ global:
   imageProject: 1000jours
 
 app:
+  ~chart: app
   securityContext:
     fsGroup: 101
     runAsGroup: 101
     runAsUser: 101
+  ingress:
+    annotations:
+      nginx.ingress.kubernetes.io/configuration-snippet: |
+        more_set_headers "Content-Security-Policy: default-src 'none'; connect-src 'self' https://*.gouv.fr; font-src 'self'; img-src 'self'; prefetch-src 'self' https://*.gouv.fr; script-src 'self' https://*.gouv.fr; frame-src 'self' https://*.gouv.fr; style-src 'self' 'unsafe-inline'";
+        more_set_headers "X-Frame-Options: sameorigin";
+        more_set_headers "X-XSS-Protection: 1; mode=block";
+        more_set_headers "X-Content-Type-Options: nosniff";