github/zot
1
0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2026-06-17 21:17:58 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(headers): set Cross-Origin-Resource-Policy header for UI requests (#2883)

Browse Source 
* fix(headers): set Cross-Origin-Resource-Policy header for UI requests

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>

* ci: disable stacker tests in ecosystem tools as they do not work on Ubuntu 24

Workaround this:

The Ubuntu 22 github free runner is not powerful enough to run all these tests.
We need a real fix on stacker side

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>

---------

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
This commit is contained in:
Andrei Aaron
2025-01-17 10:50:58 +02:00
committed by GitHub
parent 97fd43e2b0
commit cdcafa925f
2 changed files with 20 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files
pkg/extensions/extension_ui.go
+3
View File
@@ -40,6 +40,9 @@ func addUISecurityHeaders(h http.Handler) http.HandlerFunc { //nolint:varnamelen
w.Header().Set("Permissions-Policy", permissionsPolicy)
w.Header().Set("X-Content-Type-Options", "nosniff")
w.Header().Set("X-Frame-Options", "DENY")
w.Header().Set("Cross-Origin-Resource-Policy", "same-origin")
w.Header().Set("Cross-Origin-Embedder-Policy", "require-corp")
w.Header().Set("Cross-Origin-Opener-Policy", "same-origin")
cspDirectives := []string{
"default-src 'none'",