-
Notifications
You must be signed in to change notification settings - Fork 60
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update Security headers #4154
Update Security headers #4154
Conversation
part of FlowFuse/security#90 Also redirect to HTTPS if base url is set to https
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #4154 +/- ##
==========================================
- Coverage 78.76% 78.62% -0.14%
==========================================
Files 286 286
Lines 13053 13097 +44
Branches 2910 2926 +16
==========================================
+ Hits 10281 10298 +17
- Misses 2772 2799 +27
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
Reverted the http->https change as this can be done at the K8s/Ingress level and it broke the container liveness check |
fixes FlowFuse/secutiry#90
Description
Enables redirect to HTTPS for HTTP requestsimg-src
,script-src
&connect-src
Related Issue(s)
FlowFuse/secutiry#90
Checklist
flowforge.yml
?FlowFuse/helm
to update ConfigMap TemplateFlowFuse/CloudProject
to update values for Staging/ProductionLabels
area:migration
label