
Commit 55f3b75

committed
fix(envoy/external): add headers if not present
1 parent b448b3b commit 55f3b75

1 file changed

Lines changed: 5 additions & 82 deletions


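--- a/kube/deploy/core/ingress/envoy-gateway/gateways/external.yaml
+++ b/kube/deploy/core/ingress/envoy-gateway/gateways/external.yaml
@@ -60,85 +60,6 @@ spec:
 name: envoy
 namespace: ingress
 ---
-# yaml-language-server: $schema=https://kube-schemas.pages.dev/gateway.networking.k8s.io/httproute_v1.json
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
-name: envoy-external
-namespace: ingress
-annotations:
-external-dns.alpha.kubernetes.io/controller: none
-spec:
-parentRefs:
-- name: envoy-external
-namespace: ingress
-sectionName: external
-rules:
-- filters:
-- type: ResponseHeaderModifier
-responseHeaderModifier:
-set:
-- name: X-Robots-Tag
-value: "noindex, nofollow" # anti search engines
-- name: Cache-Control
-value: "no-store" # don't store caches
-- name: X-Frame-Options
-value: "DENY"
-- name: X-Content-Type-Options
-value: "nosniff"
-- name: X-XSS-Protection
-value: "1; mode=block"
-- name: Referrer-Policy
-value: "no-referrer"
-- name: X-DNS-Prefetch-Control
-value: "off"
-- name: Permissions-Policy
-value: "interest-cohort=()" # anti Google FLoC
-- name: Cross-Origin-Opener-Policy
-value: "same-origin"
-- name: Cross-Origin-Resource-Policy
-value: "same-site"
-- name: Cross-Origin-Embedder-Policy
-value: "require-corp"
----
-# yaml-language-server: $schema=https://kube-schemas.pages.dev/gateway.networking.k8s.io/httproute_v1.json
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
-name: envoy-public
-namespace: ingress
-annotations:
-external-dns.alpha.kubernetes.io/controller: none
-spec:
-parentRefs:
-- name: envoy-external
-namespace: ingress
-sectionName: public
-# hostnames: ["*.jjgadgets.tech"]
-rules:
-- filters:
-- type: ResponseHeaderModifier
-responseHeaderModifier:
-set:
-- name: X-Frame-Options
-value: "SAMEORIGIN"
-- name: X-Content-Type-Options
-value: "nosniff"
-- name: X-XSS-Protection
-value: "1; mode=block"
-- name: Referrer-Policy
-value: "strict-origin-when-cross-origin"
-- name: X-DNS-Prefetch-Control
-value: "off"
-- name: Permissions-Policy
-value: "interest-cohort=()"
-- name: Cross-Origin-Opener-Policy
-value: "same-origin"
-- name: Cross-Origin-Resource-Policy
-value: "same-site"
-- name: Cross-Origin-Embedder-Policy
-value: "require-corp"
----
 # yaml-language-server: $schema=https://kube-schemas.pages.dev/gateway.envoyproxy.io/clienttrafficpolicy_v1alpha1.json
 apiVersion: gateway.envoyproxy.io/v1alpha1
 kind: ClientTrafficPolicy
@@ -203,17 +124,18 @@ spec:
 - name: Cache-Control
 value: "no-store" # don't store caches
 - name: X-Frame-Options
-value: "DENY"
+value: "SAMEORIGIN"
 - name: X-Content-Type-Options
 value: "nosniff"
 - name: X-XSS-Protection
 value: "1; mode=block"
-- name: Referrer-Policy
-value: "no-referrer"
 - name: X-DNS-Prefetch-Control
 value: "off"
 - name: Permissions-Policy
 value: "interest-cohort=()" # anti Google FLoC
+addIfAbsent:
+- name: Referrer-Policy
+value: "no-referrer"
 - name: Cross-Origin-Opener-Policy
 value: "same-origin"
 - name: Cross-Origin-Resource-Policy
@@ -291,6 +213,7 @@ spec:
 value: "off"
 - name: Permissions-Policy
 value: "interest-cohort=()"
+addIfAbsent:
 - name: Referrer-Policy
 value: "strict-origin-when-cross-origin"
 - name: Cross-Origin-Opener-Policy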
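Review bot: The `X-Frame-Options` value at new line 127 drops from `DENY` to `SAMEORIGIN` in the header set that also sends `Cache-Control: no-store`, and nothing in the commit title or the file says why; with the `envoy-external` HTTPRoute deleted in the first hunk, no header set visible on this page still sends `DENY`. Separately, every list item after the new `addIfAbsent:` keys (new lines 136 and 216), meaning `Referrer-Policy` and the `Cross-Origin-*` entries that follow, presumably moves from enforced to default-only, so a backend response could replace those values; indentation is not visible in this rendering, so confirm that grouping is what was intended. I would add a comment above each key such as `# defaults only: a backend may send its own value for the headers below`, and one on line 127 such as `# SAMEORIGIN because <reason same-origin framing is required>`. The enclosing resources start and end outside these hunks.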
