python-support-infra/stacks/mesh/configs/mesh__traefik_default_middl...

####################
# - Default Middlewares
####################
[http.middlewares.default.chain]
middlewares = [
	"default-security-headers",
]

####################
# - Middleware: Default Security Headers
####################
[http.middlewares.default-security-headers.headers]
browserXssFilter = true  # X-XSS-Protection=1; mode=block
contentTypeNosniff = true  # X-Content-Type-Options=nosniff
forceSTSHeader = true  # Add STS even when using HTTP.
frameDeny = true  # X-Frame-Options=deny
referrerPolicy = "strict-origin-when-cross-origin"
sslRedirect = true  # Allow only https requests
stsIncludeSubdomains = true  # Add includeSubdomains to STS header
stsPreload = true  # Add preload flag appended to STS header
stsSeconds = 63072000  # Set max-age of STS header (2 years)
feat: Working minimal, reproducible infrastructure. 2023-08-13 04:49:19 +02:00			`####################`
			`# - Default Middlewares`
			`####################`
			`[http.middlewares.default.chain]`
			`middlewares = [`
			`"default-security-headers",`
			`]`

			`####################`
			`# - Middleware: Default Security Headers`
			`####################`
			`[http.middlewares.default-security-headers.headers]`
			`browserXssFilter = true # X-XSS-Protection=1; mode=block`
			`contentTypeNosniff = true # X-Content-Type-Options=nosniff`
			`forceSTSHeader = true # Add STS even when using HTTP.`
			`frameDeny = true # X-Frame-Options=deny`
			`referrerPolicy = "strict-origin-when-cross-origin"`
			`sslRedirect = true # Allow only https requests`
			`stsIncludeSubdomains = true # Add includeSubdomains to STS header`
			`stsPreload = true # Add preload flag appended to STS header`
			`stsSeconds = 63072000 # Set max-age of STS header (2 years)`