Track changes for config_sync due to http_response_headers

Chris (wolcen) Thompson 2025-12-05 17:48:11 -05:00
parent c5fe1f3d83
commit 8abb36d3bb
4 changed files with 584 additions and 0 deletions


@ -0,0 +1,151 @@
uuid: 1e6f0bb1-965a-426a-a84f-224aaa47c8c0
langcode: en
status: true
dependencies:
module:
- http_response_headers
id: config_sync.module.http_response_headers
snapshotSet: config_sync
extensionType: module
extensionName: http_response_headers
items:
-
collection: ''
name: http_response_headers.response_header.access_control_allow_origin
data:
langcode: en
status: true
dependencies: { }
id: access_control_allow_origin
label: Access-Control-Allow-Origin
description: 'Access-Control-Allow-Origin is apart of the Cross Origin Resource Sharing (CORS) specification. This header is used to determine which sites are allowed to access the resource by defining either a single origin or all sites (denoted by a wildcard value).'
name: Access-Control-Allow-Origin
value: '*'
_core:
default_config_hash: jiYdwY3CosYS2LwI7rEJboBZ4h4lh4NaUGc31nkShPI
-
collection: ''
name: http_response_headers.response_header.content_security_policy
data:
langcode: en
status: true
dependencies: { }
id: content_security_policy
label: Content-Security-Policy
description: 'This HTTP header parameter allows you to define a whitelist of approved sources of content for your site. By restricting the assets that a browser can load for your site you will have extra level of protection from XSS attacks.'
name: Content-Security-Policy
value: ''
_core:
default_config_hash: vm-IJzaf6_rD43UbNf5XszM3uyG3n30GUMK7FQVQSqw
-
collection: ''
name: http_response_headers.response_header.public_key_pins
data:
langcode: en
status: true
dependencies: { }
id: public_key_pins
label: Public-Key-Pins
description: 'HTTP Public Key Pinning (HPKP) is a security feature that tells a web client to associate a specific cryptographic public key with a certain web server to prevent Man in the Middle (MITM) attacks with forged certificates.'
name: Public-Key-Pins
value: ''
_core:
default_config_hash: QnihCO4_FUzmixcXqUFF2z8WsUZt-Llst3ovAoeXZ0E
-
collection: ''
name: http_response_headers.response_header.referrer_policy
data:
langcode: en
status: true
dependencies: { }
id: referrer_policy
label: Referrer-Policy
description: 'Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all sites.'
name: Referrer-Policy
value: strict-origin-when-cross-origin
_core:
default_config_hash: JSZo_FSu2YFf7fXKgHhgJGvzRNHDcmakAcXGR4jCf-s
-
collection: ''
name: http_response_headers.response_header.strict_transport_security
data:
langcode: en
status: true
dependencies: { }
id: strict_transport_security
label: Strict-Transport-Security
description: 'This policy will enforce TLS on your site and all subdomains for a year.'
name: Strict-Transport-Security
value: 'max-age=31536000; includeSubDomains'
_core:
default_config_hash: EzF-BPkjidXdWfV5ZguA1GZG1XlRg3gh8_E7Oi9MdtM
-
collection: ''
name: http_response_headers.response_header.x_content_type_options
data:
langcode: en
status: true
dependencies: { }
id: x_content_type_options
label: X-Content-Type-Options
description: 'This header parameter prevents Google Chrome and Internet Explorer from trying to mime-sniff the content-type of a response away from the one being declared by the server.'
name: X-Content-Type-Options
value: nosniff
_core:
default_config_hash: qRI3wEmvqepaLI3hMH5U_tq_svkQ6s-7cgAmZKO-F4A
-
collection: ''
name: http_response_headers.response_header.x_frame_options
data:
langcode: en
status: true
dependencies: { }
id: x_frame_options
label: X-Frame-Options
description: "Clickjacking protection. Valid values include <em>DENY</em> meaning your site can't be framed, <em>SAMEORIGIN</em> which allows you to frame your own site or <em>ALLOW-FROM https://example.com/</em> which lets you specify sites that are permitted to frame"
name: X-Frame-Options
value: SAMEORIGIN
_core:
default_config_hash: aCpW04rpcXDf65J6xXwCkplv2TKA64ANULWPnidTXwE
-
collection: ''
name: http_response_headers.response_header.x_generator
data:
langcode: en
status: true
dependencies: { }
id: x_generator
label: X-Generator
description: 'Allows the declaration of the CMS type and version to be modified.'
name: X-Generator
value: ''
_core:
default_config_hash: rVXSHnFplX0srS0yj58pNNp_cHSe07Q-YnpBHUX4xUY
-
collection: ''
name: http_response_headers.response_header.x_powered_by
data:
langcode: en
status: true
dependencies: { }
id: x_powered_by
label: X-Powered-By
description: "The X-Powered-By header gives information on the technology that's supporting the Web Server. It is best not to provide this information."
name: X-Powered-By
value: ''
_core:
default_config_hash: qN2wWwIBQbvvZJ3v_gPS6_atvVWy-iU55c5Tdj_MqFQ
-
collection: ''
name: http_response_headers.response_header.x_xss_protection
data:
langcode: en
status: true
dependencies: { }
id: x_xss_protection
label: X-Xss-Protection
description: "This response header can be used to configure a user-agent's built in reflective XSS protection. Currently, only Microsoft's Internet Explorer, Google Chrome and Safari (WebKit) support this header."
name: X-Xss-Protection
value: '1; mode=block'
_core:
default_config_hash: xjdq0o6GzQSm6T11WcRHJ3A_DGGSEYiLrmqhLM8hpWQ
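Review bot: The `access_control_allow_origin` item is recorded with `status: true` and `value: '*'`, so if the site's active configuration matches this module default, responses can be read cross-origin by any site. This file appears to be a config_sync snapshot of what the module ships, and the active config is not visible in this section, so the fix belongs in the active `http_response_headers.response_header.access_control_allow_origin` entity rather than here: either `status: false`, or pin the value to the one origin that needs access, e.g. `value: 'https://app.example.org'` (constructed placeholder). The same check applies to `x_xss_protection`, whose `value: '1; mode=block'` turns on a browser filter that current browsers have removed and that current hardening guidance recommends disabling with `value: '0'`. Several items (`content_security_policy`, `public_key_pins`, `x_generator`, `x_powered_by`) are `status: true` with `value: ''`; it is worth confirming whether the module omits such headers or sends them empty, since an empty Content-Security-Policy gives no protection.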