configuring the x-xss-protrction and csp header value
Signed-off-by: swatign <[email protected]>
swatiganesh committed Jan 30, 2025
1 parent 4e726d6 commit 6d37234
Showing 12 changed files with 340 additions and 270 deletions.
5 changes: 5 additions & 0 deletions api/config/builder_api_proxy/config_request.go
@@ -30,6 +30,7 @@ func DefaultConfigRequest() *ConfigRequest {
c.V1.Sys.Http.SslProtocols = w.String("TLSv1.2 TLSv1.3")
c.V1.Sys.Http.SslCiphers = w.String(config.InternalCipherSuite)
c.V1.Sys.Http.SslVerifyDepth = w.Int32(2)
c.V1.Sys.Http.XXssProtection = w.String("1; mode=block")
return c
}

@@ -60,6 +61,10 @@ func (c *ConfigRequest) SetGlobalConfig(g *config.GlobalConfig) {
if logLevel := g.GetV1().GetLog().GetLevel().GetValue(); logLevel != "" {
c.V1.Sys.Log.Level.Value = config.GlobalLogLevelToNginxLevel(logLevel)
}

if xxssProtextion := g.GetV1().GetSys().GetNgx().GetHttp().XXssProtection; xxssProtextion != nil {
c.V1.Sys.Http.XXssProtection = xxssProtextion
}
}

// PrepareSystemConfig returns a system configuration that can be used
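Review bot: The new override in SetGlobalConfig reads the field directly, `g.GetV1().GetSys().GetNgx().GetHttp().XXssProtection`, so if these are the usual generated protobuf getters, a global config without an Ngx/Http section makes `GetHttp()` return nil and this line panics with a nil-pointer dereference; the `GetLog().GetLevel().GetValue()` chain just above it is nil-safe. Go through the generated getter instead (presumably `GetXXssProtection()`): `if xxssProtection := g.GetV1().GetSys().GetNgx().GetHttp().GetXXssProtection(); xxssProtection != nil {`, which also corrects the `xxssProtextion` spelling. The same pattern is repeated in SetGlobalConfig in api/config/load_balancer/config_request.go. The value is also copied without any check; since it presumably ends up in an nginx header directive, restricting it to the known header values (`0`, `1`, `1; mode=block`) would keep a malformed setting from producing a broken or altered server config. SetGlobalConfig begins and ends outside the hunk.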
80 changes: 47 additions & 33 deletions api/config/builder_api_proxy/config_request.pb.go


1 change: 1 addition & 0 deletions api/config/builder_api_proxy/config_request.proto
@@ -55,6 +55,7 @@ message ConfigRequest {
google.protobuf.StringValue ssl_ciphers = 4;
google.protobuf.StringValue ssl_protocols = 5;
google.protobuf.Int32Value ssl_verify_depth = 6;
google.protobuf.StringValue x_xss_protection = 7;
}

message Web {
5 changes: 5 additions & 0 deletions api/config/load_balancer/config_request.go
@@ -74,6 +74,8 @@ func DefaultConfigRequest() *ConfigRequest {
c.V1.Sys.Ngx.Http.ProxyBusyBuffersSize = w.String("16k")
c.V1.Sys.Ngx.Http.Ipv6Supported = w.Bool(ipV6Supported())
c.V1.Sys.StaticConfig.Products = []string{"automate"}
c.V1.Sys.Ngx.Http.XXssProtection = w.String("1; mode=block")
c.V1.Sys.Ngx.Http.ContentSecurityPolicy = w.String("default-src 'self';frame-ancestors 'self';")
return c
}

@@ -173,6 +175,9 @@ func (c *ConfigRequest) SetGlobalConfig(g *config.GlobalConfig) {
c.V1.Sys.Ngx.Http.IncludeXForwardedFor = xFwd
}

if xxssProtextion := g.GetV1().GetSys().GetNgx().GetHttp().XXssProtection; xxssProtextion != nil {
c.V1.Sys.Ngx.Http.XXssProtection = xxssProtextion
}
}

// PrepareSystemConfig returns a system configuration that can be used
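Review bot: `ContentSecurityPolicy` gets a hard-coded default in DefaultConfigRequest, but the SetGlobalConfig hunk only wires an override for `XXssProtection`, so as far as this section shows an operator cannot adjust the policy from the global config. `default-src 'self'` blocks inline scripts and styles, `data:` URIs and every third-party origin, so a UI or integration that depends on any of those would break with no remedy. Consider adding the matching override (nil-safe, through the generated getter) and validating the policy first with `Content-Security-Policy-Report-Only`. Separately, `X-XSS-Protection: 1; mode=block` targets a browser XSS filter that current browsers no longer implement, and OWASP guidance is to send `0` or omit the header and rely on the CSP; a comment on that default such as `// legacy header for old browsers; the CSP is the effective control` would record the intent. Both functions extend beyond the hunks shown.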