Skip to content

Commit

Permalink
Merge pull request #2424 from flaviodsr/kibana_xframe_opt_header
Browse files Browse the repository at this point in the history 
kibana: set x-frame-options header (bsc#1171909, CVE-2020-10743)
  • Loading branch information
@flaviodsr
flaviodsr authored Jun 10, 2020
2 parents 7de3445 + 01f702d commit 49cb640
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions chef/cookbooks/monasca/templates/default/kibana.yml.erb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,10 @@ server.host: 0.0.0.0
# specify that path here. The basePath can't end in a slash.
server.basePath: /monitoring/logs_proxy

# Set to sameorigin as a mitigation to CVE-2020-10743
# Header names and values to send on all responses to the client from the Kibana server.
server.customResponseHeaders: {"x-frame-options":"sameorigin"}

# The Elasticsearch instance to use for all your queries.
elasticsearch.url: http://<%= @elasticsearch_host %>:9200

Expand Down

0 comments on commit 49cb640

Please sign in to comment.