---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: {{ ternary (printf "%v-%v" $.Release.Name "tc-opencors-headers") "tc-opencors-headers" $.Values.ingressClass.enabled }}
  namespace: {{ $.Release.Namespace }}
spec:
  headers:
    accessControlAllowHeaders:
    - '*'
    accessControlAllowMethods:
    - GET
    - OPTIONS
    - HEAD
    - PUT
    - POST
    accessControlAllowOriginList:
    - '*'
    accessControlMaxAge: 100
    browserXssFilter: true
    contentTypeNosniff: true
    frameDeny: true
    customRequestHeaders:
      X-Forwarded-Proto: https
    customResponseHeaders:
      server: ""
    forceSTSHeader: true
    referrerPolicy: same-origin
    sslForceHost: true
    sslRedirect: true
    stsSeconds: 63072000
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: {{ ternary (printf "%v-%v" $.Release.Name "tc-closedcors-headers") "tc-closedcors-headers" $.Values.ingressClass.enabled }}
  namespace: {{ $.Release.Namespace }}
spec:
  headers:
    accessControlAllowMethods:
      - GET
      - OPTIONS
      - HEAD
      - PUT
    accessControlMaxAge: 100
    sslRedirect: true
    stsSeconds: 63072000
    # stsIncludeSubdomains: false
    # stsPreload: false
    forceSTSHeader: true
    contentTypeNosniff: true
    browserXssFilter: true
    sslForceHost: true
    referrerPolicy: same-origin
    contentSecurityPolicy: frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests​
    customRequestHeaders:
      X-Forwarded-Proto: "https"
    customResponseHeaders:
      server: ''