|
@@ -380,7 +380,14 @@ describe('OC.SetupChecks tests', function() {
|
|
|
}, {
|
|
|
msg: 'The "X-Frame-Options" HTTP header is not configured to equal to "SAMEORIGIN". This is a potential security or privacy risk and we recommend adjusting this setting.',
|
|
|
type: OC.SetupChecks.MESSAGE_TYPE_WARNING
|
|
|
- }]);
|
|
|
+ }, {
|
|
|
+ msg: 'The "X-Download-Options" HTTP header is not configured to equal to "noopen". This is a potential security or privacy risk and we recommend adjusting this setting.',
|
|
|
+ type: OC.SetupChecks.MESSAGE_TYPE_WARNING
|
|
|
+ }, {
|
|
|
+ msg: 'The "X-Permitted-Cross-Domain-Policies" HTTP header is not configured to equal to "none". This is a potential security or privacy risk and we recommend adjusting this setting.',
|
|
|
+ type: OC.SetupChecks.MESSAGE_TYPE_WARNING
|
|
|
+ },
|
|
|
+ ]);
|
|
|
done();
|
|
|
});
|
|
|
});
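Review bot: The expectations added here only pin the case where `X-Download-Options` and `X-Permitted-Cross-Domain-Policies` are absent from the response; nothing in this diff exercises a response where either header is present with a non-matching value (a constructed fixture such as `'X-Download-Options': 'open'`), which is the situation the `not configured to equal to "noopen"` wording describes, so if the rest of the file lacks such a case it is worth adding one alongside these two messages. The closing `},` followed by `]);` on its own line also differs from the `}]);` form this hunk removes; either works, but the file should settle on one. The enclosing `it` callback starts before this hunk.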
|
|
@@ -394,7 +401,9 @@ describe('OC.SetupChecks tests', function() {
|
|
|
{
|
|
|
'X-Robots-Tag': 'none',
|
|
|
'X-Frame-Options': 'SAMEORIGIN',
|
|
|
- 'Strict-Transport-Security': 'max-age=15768000;preload'
|
|
|
+ 'Strict-Transport-Security': 'max-age=15768000;preload',
|
|
|
+ 'X-Download-Options': 'noopen',
|
|
|
+ 'X-Permitted-Cross-Domain-Policies': 'none',
|
|
|
}
|
|
|
);
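Review bot: The same two header lines are pasted into nine separate response fixtures (this hunk and the hunks at -421, -441, -485, -508, -531, -553, -571 and -589), so the next header the setup check learns about means nine more edits and an easy-to-miss omission; a shared object declared once near the top of the describe block, `var secureHeaders = { 'X-Download-Options': 'noopen', 'X-Permitted-Cross-Domain-Policies': 'none' };`, merged into each fixture would keep them in step. Each of these objects now also ends with a trailing comma after the last property, which the removed lines did not have; presumably harmless for the browsers the tests run in, but it is inconsistent with the surrounding literals. The enclosing `it` callback starts before this hunk.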
|
|
|
|
|
@@ -421,7 +430,9 @@ describe('OC.SetupChecks tests', function() {
|
|
|
'X-Content-Type-Options': 'nosniff',
|
|
|
'X-Robots-Tag': 'none',
|
|
|
'X-Frame-Options': 'SAMEORIGIN',
|
|
|
- 'Strict-Transport-Security': 'max-age=15768000'
|
|
|
+ 'Strict-Transport-Security': 'max-age=15768000',
|
|
|
+ 'X-Download-Options': 'noopen',
|
|
|
+ 'X-Permitted-Cross-Domain-Policies': 'none',
|
|
|
}
|
|
|
);
|
|
|
|
|
@@ -441,7 +452,9 @@ describe('OC.SetupChecks tests', function() {
|
|
|
'X-XSS-Protection': '1; mode=block',
|
|
|
'X-Content-Type-Options': 'nosniff',
|
|
|
'X-Robots-Tag': 'none',
|
|
|
- 'X-Frame-Options': 'SAMEORIGIN'
|
|
|
+ 'X-Frame-Options': 'SAMEORIGIN',
|
|
|
+ 'X-Download-Options': 'noopen',
|
|
|
+ 'X-Permitted-Cross-Domain-Policies': 'none',
|
|
|
}
|
|
|
);
|
|
|
|
|
@@ -485,7 +498,9 @@ describe('OC.SetupChecks tests', function() {
|
|
|
'X-XSS-Protection': '1; mode=block',
|
|
|
'X-Content-Type-Options': 'nosniff',
|
|
|
'X-Robots-Tag': 'none',
|
|
|
- 'X-Frame-Options': 'SAMEORIGIN'
|
|
|
+ 'X-Frame-Options': 'SAMEORIGIN',
|
|
|
+ 'X-Download-Options': 'noopen',
|
|
|
+ 'X-Permitted-Cross-Domain-Policies': 'none',
|
|
|
}
|
|
|
);
|
|
|
|
|
@@ -508,7 +523,9 @@ describe('OC.SetupChecks tests', function() {
|
|
|
'X-XSS-Protection': '1; mode=block',
|
|
|
'X-Content-Type-Options': 'nosniff',
|
|
|
'X-Robots-Tag': 'none',
|
|
|
- 'X-Frame-Options': 'SAMEORIGIN'
|
|
|
+ 'X-Frame-Options': 'SAMEORIGIN',
|
|
|
+ 'X-Download-Options': 'noopen',
|
|
|
+ 'X-Permitted-Cross-Domain-Policies': 'none',
|
|
|
}
|
|
|
);
|
|
|
|
|
@@ -531,7 +548,9 @@ describe('OC.SetupChecks tests', function() {
|
|
|
'X-XSS-Protection': '1; mode=block',
|
|
|
'X-Content-Type-Options': 'nosniff',
|
|
|
'X-Robots-Tag': 'none',
|
|
|
- 'X-Frame-Options': 'SAMEORIGIN'
|
|
|
+ 'X-Frame-Options': 'SAMEORIGIN',
|
|
|
+ 'X-Download-Options': 'noopen',
|
|
|
+ 'X-Permitted-Cross-Domain-Policies': 'none',
|
|
|
}
|
|
|
);
|
|
|
|
|
@@ -553,7 +572,9 @@ describe('OC.SetupChecks tests', function() {
|
|
|
'X-XSS-Protection': '1; mode=block',
|
|
|
'X-Content-Type-Options': 'nosniff',
|
|
|
'X-Robots-Tag': 'none',
|
|
|
- 'X-Frame-Options': 'SAMEORIGIN'
|
|
|
+ 'X-Frame-Options': 'SAMEORIGIN',
|
|
|
+ 'X-Download-Options': 'noopen',
|
|
|
+ 'X-Permitted-Cross-Domain-Policies': 'none',
|
|
|
});
|
|
|
|
|
|
async.done(function( data, s, x ){
|
|
@@ -571,7 +592,9 @@ describe('OC.SetupChecks tests', function() {
|
|
|
'X-XSS-Protection': '1; mode=block',
|
|
|
'X-Content-Type-Options': 'nosniff',
|
|
|
'X-Robots-Tag': 'none',
|
|
|
- 'X-Frame-Options': 'SAMEORIGIN'
|
|
|
+ 'X-Frame-Options': 'SAMEORIGIN',
|
|
|
+ 'X-Download-Options': 'noopen',
|
|
|
+ 'X-Permitted-Cross-Domain-Policies': 'none',
|
|
|
});
|
|
|
|
|
|
async.done(function( data, s, x ){
|
|
@@ -589,7 +612,9 @@ describe('OC.SetupChecks tests', function() {
|
|
|
'X-XSS-Protection': '1; mode=block',
|
|
|
'X-Content-Type-Options': 'nosniff',
|
|
|
'X-Robots-Tag': 'none',
|
|
|
- 'X-Frame-Options': 'SAMEORIGIN'
|
|
|
+ 'X-Frame-Options': 'SAMEORIGIN',
|
|
|
+ 'X-Download-Options': 'noopen',
|
|
|
+ 'X-Permitted-Cross-Domain-Policies': 'none',
|
|
|
});
|
|
|
|
|
|
async.done(function( data, s, x ){
|
|
@@ -607,7 +632,9 @@ describe('OC.SetupChecks tests', function() {
|
|
|
'X-XSS-Protection': '1; mode=block',
|
|
|
'X-Content-Type-Options': 'nosniff',
|
|
|
'X-Robots-Tag': 'none',
|
|
|
- 'X-Frame-Options': 'SAMEORIGIN'
|
|
|
+ 'X-Frame-Options': 'SAMEORIGIN',
|
|
|
+ 'X-Download-Options': 'noopen',
|
|
|
+ 'X-Permitted-Cross-Domain-Policies': 'none',
|
|
|
});
|
|
|
|
|
|
async.done(function( data, s, x ){
|