Setup secure headers annotations for OpenDesk
Add annotations on OpenDesk for the security headers that are not yet set, as required for full implementation of APP.3.1 Web Applications and Web Services:

- CSP rule annotations; an initial rule can be: `script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src-elem 'self' 'unsafe-inline' blob:; script-src-attr 'self' 'unsafe-inline' blob:;`
- HSTS: `Strict-Transport-Security "max-age=63072000; includeSubDomains" always;`
- Check whether it is possible to set up `X-Content-Type-Options`.
- Other possible headers.
We need to provide annotations for the Nginx and HAProxy ingress controllers that are supported on OpenDesk.
It may be possible to set these headers by default in the Helm chart, but we probably also need to provide a way to customize and disable them for other use cases.
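As an added illustration (not part of the issue and not openDesk's own chart code), the two Ingress manifests below show how the headers listed above could be attached per controller. `nginx.ingress.kubernetes.io/configuration-snippet` is a real ingress-nginx annotation, but since ingress-nginx 1.9 snippet annotations are disabled unless `allow-snippet-annotations: "true"` is set in the controller ConfigMap, which is one of the things to check under "is it possible". `haproxy.org/response-set-header` is the haproxytech kubernetes-ingress annotation as I understand its syntax; verify it against the version deployed. The host name, Service name and the `-nginx`/`-haproxy` suffixes are placeholders. Note that the initial CSP with `'unsafe-inline'` and `'unsafe-eval'` mostly neutralizes the script-src protection, so it should be treated as a starting point to tighten, not the end state; the manifests keep it exactly as proposed.

```yaml
# Constructed example for ingress-nginx (placeholder names).
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: opendesk-portal-nginx          # placeholder
  annotations:
    # Each add_header must be on its own line; "always" makes nginx emit the
    # header on error responses too, otherwise a 4xx/5xx would lack HSTS.
    nginx.ingress.kubernetes.io/configuration-snippet: |
      add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
      add_header X-Content-Type-Options "nosniff" always;
      add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src-elem 'self' 'unsafe-inline' blob:; script-src-attr 'self' 'unsafe-inline' blob:;" always;
spec:
  ingressClassName: nginx
  rules:
    - host: portal.example.invalid       # placeholder host
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: portal             # placeholder service
                port:
                  number: 8080
---
# Constructed example for haproxytech kubernetes-ingress (placeholder names).
# Assumed syntax: one "Header: value" pair per line in response-set-header.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: opendesk-portal-haproxy        # placeholder
  annotations:
    haproxy.org/response-set-header: |
      Strict-Transport-Security "max-age=63072000; includeSubDomains"
      X-Content-Type-Options nosniff
      Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src-elem 'self' 'unsafe-inline' blob:; script-src-attr 'self' 'unsafe-inline' blob:;"
spec:
  ingressClassName: haproxy
  rules:
    - host: portal.example.invalid       # placeholder host
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: portal             # placeholder service
                port:
                  number: 8080
```

For the "customize and disable" requirement, a chart would typically expose the header values as plain strings in `values.yaml` and wrap the annotation in an `if` on a boolean such as `securityHeaders.enabled` (hypothetical key), so an operator with a stricter CSP or an HSTS preload requirement can override without patching templates. Whichever controller is used, the result is easy to verify with `curl -sI https://<host>` and checking that all three headers are present on both a 200 and an error response.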
Edited by Guilherme Sautner