fleet/server
Roberto Dip 4042f8d826
add browser-related security headers to HTML responses (#8180)
related to #8031, this adds the following headers to HTML responses:

- Strict-Transport-Security: informs browsers that the site should only
  be accessed using HTTPS, and that any future attempts to access it
  using HTTP should automatically be converted to HTTPS.
- X-Frame-Options: disallows embedding the UI in other sites via
  <frame>, <iframe>, <embed> or <object>, which can prevent attacks like
  clickjacking.
- X-Content-Type-Options: prevents browsers from trying to guess the MIME
  type which can cause browsers to transform non-executable content into
  executable content.
- Referrer-Policy: prevents leaking the origin of the referrer in the
  Referer.

additionally, this ensures we set `X-Content-Type-Options` for CSV and
installer responses.
2022-10-12 10:19:21 -03:00
..
authz Add Apple MDM functionality (#7940) 2022-10-05 19:53:54 -03:00
bindata Allow users to be readded if they were ever removed (#1945) 2021-09-07 13:33:40 -03:00
config Add Apple MDM functionality (#7940) 2022-10-05 19:53:54 -03:00
contexts Add logging to capture user email upon successful login (#7927) 2022-09-27 16:32:46 -03:00
datastore Add inherited policies to the team's list policies response payload (#8068) 2022-10-12 08:35:36 -04:00
errorstore report error analytics (#6341) 2022-06-28 16:31:14 -03:00
fleet Add inherited policies to the team's list policies response payload (#8068) 2022-10-12 08:35:36 -04:00
health Separate health checks for MySQL and Redis (#6468) 2022-07-01 08:08:03 -03:00
launcher Upgrade osquery-go (#4728) 2022-03-23 12:15:37 -03:00
live_query Bump go to 1.19.1 (#7690) 2022-09-12 20:32:43 -03:00
logging test: use T.TempDir to create temporary test directory (#6080) 2022-06-13 10:20:38 -03:00
mail update copyright year in core product transactional email templates (#3549) 2022-01-01 12:41:32 -06:00
mdm/apple Add Apple MDM functionality (#7940) 2022-10-05 19:53:54 -03:00
mock Add inherited policies to the team's list policies response payload (#8068) 2022-10-12 08:35:36 -04:00
policies Refactor webhooks cron to new schedule package (#7840) 2022-09-20 14:26:36 -05:00
ptr Feature 7077: Add MSRC feed parser (#7424) 2022-08-30 16:39:50 -04:00
pubsub Migrate team-related endpoints to new pattern (#3740) 2022-01-19 10:52:14 -05:00
service add browser-related security headers to HTML responses (#8180) 2022-10-12 10:19:21 -03:00
sso Bump go to 1.19.1 (#7690) 2022-09-12 20:32:43 -03:00
test 7135 host display name (#7873) 2022-10-08 08:57:46 -04:00
vulnerabilities Fixed bug with duplicated vulnerabilities (#8089) 2022-10-05 19:48:37 -04:00
webhooks 7135 host display name (#7873) 2022-10-08 08:57:46 -04:00
websocket improve error handling in vulnerabilities cron (#7276) 2022-08-18 16:53:58 -03:00
worker 7135 host display name (#7873) 2022-10-08 08:57:46 -04:00
utils.go Modify /server/utils to handle all 2xx codes as POST success (#3534) 2021-12-30 16:00:10 -06:00