spk-spar-checker remove /api and add header

author Andreas Gerstenberg <gerstenberg@pixelpark.com>

Tue, 19 Sep 2017 13:05:03 +0000 (15:05 +0200)

committer Andreas Gerstenberg <gerstenberg@pixelpark.com>

Tue, 19 Sep 2017 13:05:03 +0000 (15:05 +0200)
author Andreas Gerstenberg <gerstenberg@pixelpark.com>
Tue, 19 Sep 2017 13:05:03 +0000 (15:05 +0200)
committer Andreas Gerstenberg <gerstenberg@pixelpark.com>
Tue, 19 Sep 2017 13:05:03 +0000 (15:05 +0200)
diff --git a/customer/spk-spar-checker/production.yaml b/customer/spk-spar-checker/production.yaml

index 5550c705044a1b2e69883ae95768f390e35bfcd3..884f02144cac55c593b9fbd0e52225760fbde903 100644 (file)
--- a/customer/spk-spar-checker/production.yaml
+++ b/customer/spk-spar-checker/production.yaml
@@ -40,6 +40,7 @@ infra::profile::apache::pp_vhosts:
        - 'always set X-XSS-Protection "1; mode=block"'
        - 'always set X-Frame-Options "SAMEORIGIN"'
        - 'always set X-Content-Type-Options "nosniff"'
+      - 'always set Strict-Transport-Security: "max-age=15768001"'
  #      - "set Content-Security-Policy \"default-src 'self' 'unsafe-eval' 'unsafe-inline' ; style-src 'self' https://webfonts.sparkasse.de 'unsafe-inline' ; font-src 'self' data: https://webfonts.sparkasse.de ; img-src 'self' data: ;\""
      aliases:
        - { alias: /api , path: /var/www/spar-checker/sparchecker-backend/public/api }
@@ -72,8 +73,8 @@ infra::profile::apache::pp_vhosts:
          auth_digest_algorithm: MD5
          auth_user_file: '/etc/httpd/htdigest'
          auth_require: 'valid-user'
-      - provider: location
-        path: '/api'
+#      - provider: location
+#        path: '/api'
        - provider: location
          path: '/sfp'
          auth_type: Digest
diff --git a/customer/spk-spar-checker/test.yaml b/customer/spk-spar-checker/test.yaml

index af2c8b49594bdd1175cab906fe7fba284da18348..d8f9e221c4b232f5d279de4baf2652e5063577e1 100644 (file)
--- a/customer/spk-spar-checker/test.yaml
+++ b/customer/spk-spar-checker/test.yaml
@@ -38,6 +38,7 @@ infra::profile::apache::pp_vhosts:
        - 'always set X-XSS-Protection "1; mode=block"'
        - 'always set X-Frame-Options "SAMEORIGIN"'
        - 'always set X-Content-Type-Options "nosniff"'
+      - 'always set Strict-Transport-Security: "max-age=15768001"'
  #      - "set Content-Security-Policy \"default-src 'self' 'unsafe-eval' 'unsafe-inline' ; style-src 'self' https://webfonts.sparkasse.de 'unsafe-inline' ; font-src 'self' data: https://webfonts.sparkasse.de ; img-src 'self' data: ;\""
      aliases:
        - { alias: /api , path: /var/www/spar-checker/sparchecker-backend/public/api }
@@ -70,8 +71,8 @@ infra::profile::apache::pp_vhosts:
          auth_digest_algorithm: MD5
          auth_user_file: '/etc/httpd/htdigest'
          auth_require: 'valid-user'
-      - provider: location
-        path: '/api'
+#      - provider: location
+#        path: '/api'
        - provider: location
          path: '/sfp'
          auth_type: Digest
author	Andreas Gerstenberg <gerstenberg@pixelpark.com>
	Tue, 19 Sep 2017 13:05:03 +0000 (15:05 +0200)
committer	Andreas Gerstenberg <gerstenberg@pixelpark.com>
	Tue, 19 Sep 2017 13:05:03 +0000 (15:05 +0200)
customer/spk-spar-checker/production.yaml		patch \| blob \| history
customer/spk-spar-checker/test.yaml		patch \| blob \| history