Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
ops files for valid x-frame-options settings
These mutually-exclusive ops files configure x-frame-options to help prevent clickjacking attacks.
- Loading branch information
1 parent
398b50e
commit 59b37b1
Showing
3 changed files
with
57 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,21 @@ | ||
| # | ||
| # This operations file will configure atc to include this HTTP header: | ||
| # | ||
| # X-Frame-Options: allow-from https://example.com/ | ||
| # | ||
| # You can read more about this header and how it might help prevent | ||
| # clickjacking attacks [here][1]. | ||
| # | ||
| # [1]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options | ||
| # | ||
| # The following URI parameter is required: | ||
| # | ||
| # x_frame_options_allow_from: <uri> | ||
| # | ||
| # It is mutually-exclusive with the other two x-frame-options*.yml | ||
| # operations files. | ||
| # | ||
| --- | ||
| - type: replace | ||
| path: /instance_groups/name=web/jobs/name=atc/properties/x_frame_options? | ||
| value: "allow ((x_frame_options_allow_from))" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| # | ||
| # This operations file will configure atc to include this HTTP header: | ||
| # | ||
| # X-Frame-Options: deny | ||
| # | ||
| # You can read more about this header and how it might help prevent | ||
| # clickjacking attacks [here][1]. | ||
| # | ||
| # [1]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options | ||
| # | ||
| # There are no configurable parameters associated with this | ||
| # operations file, and it is mutually-exclusive with the other two | ||
| # x-frame-options*.yml operations files. | ||
| # | ||
| --- | ||
| - type: replace | ||
| path: /instance_groups/name=web/jobs/name=atc/properties/x_frame_options? | ||
| value: "deny" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| # | ||
| # This operations file will configure atc to include this HTTP header: | ||
| # | ||
| # X-Frame-Options: sameorigin | ||
| # | ||
| # You can read more about this header and how it might help prevent | ||
| # clickjacking attacks [here][1]. | ||
| # | ||
| # [1]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options | ||
| # | ||
| # There are no configurable parameters associated with this | ||
| # operations file, and it is mutually-exclusive with the other two | ||
| # x-frame-options*.yml operations files. | ||
| # | ||
| --- | ||
| - type: replace | ||
| path: /instance_groups/name=web/jobs/name=atc/properties/x_frame_options? | ||
| value: "sameorigin" |