Cinder

Secure cinder with http security headers

Registered by Nishant Kumar

Add http security headers to cinder/api/openstack/wsgi.py while rendering response. The http response can be updated with additional security headers if the response has the attribute "headers". This will help in strengthening the security for cinder and provide protection against various security breaches.
HTTP Security headers that can be added :
    { 'X-Content-Type-Options': 'nosniff',
    'Strict-Transport-Security': 'max-age=63072000; includeSubDomains',
    'Content-Security-Policy': "script-src 'self'; object-src 'self'",
    'X-Frame-Options': 'DENY',
    'X-Permitted-Cross-Domain-Policies': 'none',
    'X-XSS-Protection': '1; mode=block',
}

Blueprint information

Status:
Not started
Approver:
None
Priority:
Undefined
Drafter:
Nishant Kumar
Direction:
Needs approval
Assignee:
Nishant Kumar
Definition:
Discussion
Series goal:
None
Implementation:
Unknown
Milestone target:
None

Related branches

Sprints

Whiteboard

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.
Edit subscription

Subscribers

No subscribers.