mirror of
https://github.com/fleetdm/fleet
synced 2026-05-24 09:28:54 +00:00
Related to #8031, this adds the following headers to HTML responses:

- Strict-Transport-Security: informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS.
- X-Frame-Options: disallows embedding the UI in other sites via <frame>, <iframe>, <embed> or <object>, which can prevent attacks like clickjacking.
- X-Content-Type-Options: prevents browsers from trying to guess the MIME type, which can cause browsers to transform non-executable content into executable content.
- Referrer-Policy: prevents leaking the origin of the referrer in the Referer.

Additionally, this ensures we set `X-Content-Type-Options` for CSV and installer responses.

| | | |
|---|---|---|
| .. | ||
| .keep | ||
| 7199-email-validation | ||
| 7517-token-rotation | ||
| 7588-add-new-missing_hosts-to-hosts-endpoint | ||
| 8031-security-headers | ||
| 8161-fix-kubequery-rows-check | ||
| bug-6970-missing-host-count-user-count | ||
| bug-direct-ingest-os-windows | ||
| bug-various-nvd-related | ||
| feature-7135-host-display-name | ||
| feature-7587-missing-30-days-count | ||
| handle-tcp-read-timeouts | ||
| issue-5785-update-live-query-state-on-query-and-policy-pages | ||
| issue-7062 | ||
| issue-7310-clarify-last-seen-last-fetched | ||
| issue-7377-agent-options-cli-flags-validation | ||
| issue-7420-config-panics | ||
| issue-7533-change-create-teams-suggestion | ||
| issue-7656-software-link-host-details-page | ||
| issue-7664-re-enrollment-cleanup | ||
| issue-7784-windows-release-id | ||
| issue-7796-status-now-query-param | ||
| issue-7878-keep-created-at-enroll-secrets | ||
| issue-7879-add-inherited-policies-for-teams | ||
| issue-7906-add-file-carving-to-permissions | ||
| issue-7989-delay-tooltip | ||
| issue-7992-login-dependency | ||