From 07ef9e1cb3228d76e571d59f9351ff5ab4307e9a Mon Sep 17 00:00:00 2001
From: Stefano Cappa <stefano.cappa.ks89@gmail.com>
Date: Sat, 27 Jul 2024 18:07:10 +0200
Subject: [PATCH] feat: apply security annotations to webapp-ingress

Signed-off-by: Stefano Cappa <stefano.cappa.ks89@gmail.com>
---
 home-anthill/templates/ingress-webapp.yaml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/home-anthill/templates/ingress-webapp.yaml b/home-anthill/templates/ingress-webapp.yaml
index 7642f35..0235a0b 100644
--- a/home-anthill/templates/ingress-webapp.yaml
+++ b/home-anthill/templates/ingress-webapp.yaml
@@ -8,6 +8,11 @@ metadata:
     cert-manager.io/issuer: "cert-issuer-webapp"
     nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
     nginx.ingress.kubernetes.io/redirect-to-https: "true"
+    nginx.ingress.kubernetes.io/configuration-snippet: |
+      add_header X-Frame-Options "sameorigin";
+      add_header X-Content-Type-Options nosniff;
+      add_header Referrer-Policy 'same-origin';
+      add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()";
   {{- end }}
   namespace: {{ .Values.namespace }}
 spec: