AB#29203 openshift template changes #1387
Conversation
|
X-Frame-Options: SAMEORIGIN Purpose: Prevents your pages from being embedded in iframes on other domains (clickjacking protection). SAMEORIGIN: Allows embedding only from the same origin. X-Content-Type-Options: nosniff Purpose: Prevents browsers from MIME-sniffing a response away from the declared content-type. nosniff: Forces the browser to honor the declared Content-Type. Referrer-Policy: strict-origin-when-cross-origin Purpose: Controls how much referrer information is sent when navigating away from the site. Policy Behavior: Full referrer on same-origin requests, only origin on cross-origin, and no referrer when downgraded from HTTPS to HTTP. Content-Security-Policy: object-src 'none'; frame-ancestors 'none' Purpose: Restricts what content can be loaded or embedded. Directives: object-src 'none': Disallows loading plugins like Flash. frame-ancestors 'none': Disallows the page from being embedded in any frame, completely preventing clickjacking. |
Changed the default value of the DATABASE_BACKUP_KEEP parameter from 2 to 1 to ensures that only the most recent backup is retained when the deployment job runs, reducing OpenShift storage.