Improved security headers?

shade73 · May 15, 2018, 11:51:22 PM

Is it possible to add the following security headers to web GUI?

X-Content-Type-Options
X-XSS-Protection
X-Frame-Options
Content-Security-Policy

or as wishlist for future updates :)

franco · May 17, 2018, 08:23:22 AM

Fabian submitted a recently merged PR via: https://github.com/opnsense/core/pull/2212

There's a bit of discussion. It'll be in 18.7 for sure. Right now we are trying to give it a bit of exposure in the beta in order to see if it has issues.

If anything is missing please discuss via GitHub.

Thanks,
Franco

shade73 · May 17, 2018, 12:57:49 PM

Great, thanks :)

Improved security headers?

shade73

May 15, 2018, 11:51:22 PM Last Edit: May 17, 2018, 12:57:19 PM by shade73

franco

May 17, 2018, 08:23:22 AM #1

shade73

May 17, 2018, 12:57:49 PM #2