From 01efc500055e8e2a6a48f6687f8aad623fa5aaa2 Mon Sep 17 00:00:00 2001
From: sambufe <samuel.bufe@publicispixelpark.de>
Date: Wed, 31 May 2017 11:18:13 +0200
Subject: [PATCH] FBBKERNSERV-193

---
 customer/fbb-ws/dev-ws-fbb.pixelpark.net.yaml   | 4 ++++
 customer/fbb-www/dev-www-fbb.pixelpark.net.yaml | 6 ++++++
 2 files changed, 10 insertions(+)

diff --git a/customer/fbb-ws/dev-ws-fbb.pixelpark.net.yaml b/customer/fbb-ws/dev-ws-fbb.pixelpark.net.yaml
index c7821e01..3c487803 100644
--- a/customer/fbb-ws/dev-ws-fbb.pixelpark.net.yaml
+++ b/customer/fbb-ws/dev-ws-fbb.pixelpark.net.yaml
@@ -55,6 +55,10 @@ infra::profile::apache::pp_vhosts:
     setenv:
       - AIRLINE_DATA /www/data/fiona/app/online/docs/_airlines/index.php
       - POI_CMS_EXPORT_FILE /www/data/fiona/app/online/docs/poiExport/index.php
+    headers:
+      - 'set X-Content-Type-Options: nosniff'
+      - 'set X-XSS-Protection: "1; mode=block"'
+      - 'set X-Frame-Options: DENY'
     directories:
       - provider: 'directory'
         path: "/var/www/webservice/web"
diff --git a/customer/fbb-www/dev-www-fbb.pixelpark.net.yaml b/customer/fbb-www/dev-www-fbb.pixelpark.net.yaml
index a384d23c..0c03d18b 100644
--- a/customer/fbb-www/dev-www-fbb.pixelpark.net.yaml
+++ b/customer/fbb-www/dev-www-fbb.pixelpark.net.yaml
@@ -38,6 +38,8 @@ php::settings:
 
 apache::default_vhost: false
 
+
+
 infra::profile::apache::htdigest:
   server:
     www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAQkzCNaKrUkNv5Jeq7Ebr53aJX3KDt5n9kI7yy050w71v1LrpdAkkESTZeuKLLjswjcMC5ICL5wMSwn+7aj6Gcn259EECdsVZydD/VMsSHEVN3aLUrByNuM4+mFpK0Jthi0hi8zqcej5e3mdQPiT6gcfai29htoPHS23zruLnNIkmJ62tpcWaGrYp+eXVVm522jbmL/+oewNv/6YFUrYBPXdomznkC/ReGB1YG/fbz3Vt5UaWFbZ19+8YxHHMlT5nyvkGNsWhVKKeSDgacDLJ9Gr0zw/iFs1lLojEGt9HarRYWtSGt5PbhhYLxtt75OLU+BA0q/gZTbGiHvguQ2rwqjA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCIaKd8NKWcQ5fw1bElllIogBDy3gDC0xHpz9Zxv4+6nRST]
@@ -52,6 +54,10 @@ infra::profile::apache::pp_vhosts:
     setenv:
       - AIRLINE_DATA /www/data/fiona/app/online/docs/_airlines/index.php
       - POI_CMS_EXPORT_FILE /www/data/fiona/app/online/docs/poiExport/index.php
+    headers:
+      - 'set X-Content-Type-Options: nosniff'
+      - 'set X-XSS-Protection: "1; mode=block"'
+      - 'set X-Frame-Options: DENY'
     directories:
       - provider: 'directory'
         path: "/var/www/berlin-airport/web"
-- 
2.39.5