60 lines
1.5 KiB
YAML
60 lines
1.5 KiB
YAML
|
---
|
|||
|
|
apiVersion: traefik.io/v1alpha1
|
|||
|
|
kind: Middleware
|
|||
|
|
metadata:
|
|||
|
|
name: {{ ternary (printf "%v-%v" $.Release.Name "tc-opencors-headers") "tc-opencors-headers" $.Values.ingressClass.enabled }}
|
|||
|
|
namespace: {{ $.Release.Namespace }}
|
|||
|
|
spec:
|
|||
|
|
headers:
|
|||
|
|
accessControlAllowHeaders:
|
|||
|
|
- '*'
|
|||
|
|
accessControlAllowMethods:
|
|||
|
|
- GET
|
|||
|
|
- OPTIONS
|
|||
|
|
- HEAD
|
|||
|
|
- PUT
|
|||
|
|
- POST
|
|||
|
|
accessControlAllowOriginList:
|
|||
|
|
- '*'
|
|||
|
|
accessControlMaxAge: 100
|
|||
|
|
browserXssFilter: true
|
|||
|
|
contentTypeNosniff: true
|
|||
|
|
frameDeny: true
|
|||
|
|
customRequestHeaders:
|
|||
|
|
X-Forwarded-Proto: https
|
|||
|
|
customResponseHeaders:
|
|||
|
|
server: ""
|
|||
|
|
forceSTSHeader: true
|
|||
|
|
referrerPolicy: same-origin
|
|||
|
|
sslForceHost: true
|
|||
|
|
sslRedirect: true
|
|||
|
|
stsSeconds: 63072000
|
|||
|
|
---
|
|||
|
|
apiVersion: traefik.io/v1alpha1
|
|||
|
|
kind: Middleware
|
|||
|
|
metadata:
|
|||
|
|
name: {{ ternary (printf "%v-%v" $.Release.Name "tc-closedcors-headers") "tc-closedcors-headers" $.Values.ingressClass.enabled }}
|
|||
|
|
namespace: {{ $.Release.Namespace }}
|
|||
|
|
spec:
|
|||
|
|
headers:
|
|||
|
|
accessControlAllowMethods:
|
|||
|
|
- GET
|
|||
|
|
- OPTIONS
|
|||
|
|
- HEAD
|
|||
|
|
- PUT
|
|||
|
|
accessControlMaxAge: 100
|
|||
|
|
sslRedirect: true
|
|||
|
|
stsSeconds: 63072000
|
|||
|
|
# stsIncludeSubdomains: false
|
|||
|
|
# stsPreload: false
|
|||
|
|
forceSTSHeader: true
|
|||
|
|
contentTypeNosniff: true
|
|||
|
|
browserXssFilter: true
|
|||
|
|
sslForceHost: true
|
|||
|
|
referrerPolicy: same-origin
|
|||
|
|
contentSecurityPolicy: frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests
|
|||
|
|
customRequestHeaders:
|
|||
|
|
X-Forwarded-Proto: "https"
|
|||
|
|
customResponseHeaders:
|
|||
|
|
server: ''
|