defense-headers.html 4.8 KB

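  <!--
    Realm defense settings, "headers" tab. Each text input below is bound to one
    field of realm.browserSecurityHeaders. The form is read-only
    (kc-read-only) and the save/cancel row is hidden unless access.manageRealm
    is set.

    The form is marked novalidate and every field is a plain text input with no
    pattern, so nothing in this template checks that a value is a well-formed
    header value.
    NOTE(review): confirm the server validates these values before they are
    emitted as response headers; an empty or malformed value here would weaken
    the protection the header is meant to provide.
  -->
  <div class="col-sm-9 col-md-10 col-sm-push-3 col-md-push-2">
    <kc-tabs-realm></kc-tabs-realm>

    <ul class="nav nav-tabs nav-tabs-pf">
      <li class="active"><a href="#/realms/{{realm.realm}}/defense/headers">{{:: 'headers' | translate}}</a></li>
      <li><a href="#/realms/{{realm.realm}}/defense/brute-force">{{:: 'brute-force-detection' | translate}}</a></li>
    </ul>

    <form class="form-horizontal" name="realmForm" novalidate kc-read-only="!access.manageRealm">
      <fieldset class="border-top">
        <!--
          The reference links open in a new tab; rel="noopener noreferrer" keeps
          the opened page from reaching back to the admin console through
          window.opener and from receiving its URL as referrer. The two
          specification links use https instead of http.
        -->
        <div class="form-group">
          <label class="col-md-2 control-label" for="xFrameOptions"><a href="https://tools.ietf.org/html/rfc7034" target="_blank" rel="noopener noreferrer">{{:: 'x-frame-options' | translate}}</a></label>
          <div class="col-sm-6">
            <input class="form-control" id="xFrameOptions" type="text" ng-model="realm.browserSecurityHeaders.xFrameOptions">
          </div>
          <kc-tooltip>{{:: 'x-frame-options-tooltip' | translate}}</kc-tooltip>
        </div>

        <div class="form-group">
          <label class="col-md-2 control-label" for="contentSecurityPolicy"><a href="https://www.w3.org/TR/CSP/" target="_blank" rel="noopener noreferrer">{{:: 'content-sec-policy' | translate}}</a></label>
          <div class="col-sm-6">
            <input class="form-control" id="contentSecurityPolicy" type="text" ng-model="realm.browserSecurityHeaders.contentSecurityPolicy">
          </div>
          <kc-tooltip>{{:: 'content-sec-policy-tooltip' | translate}}</kc-tooltip>
        </div>

        <div class="form-group">
          <label class="col-md-2 control-label" for="contentSecurityPolicyReportOnly"><a href="https://www.w3.org/TR/CSP/" target="_blank" rel="noopener noreferrer">{{:: 'content-sec-policy-report-only' | translate}}</a></label>
          <div class="col-sm-6">
            <input class="form-control" id="contentSecurityPolicyReportOnly" type="text" ng-model="realm.browserSecurityHeaders.contentSecurityPolicyReportOnly">
          </div>
          <kc-tooltip>{{:: 'content-sec-policy-report-only-tooltip' | translate}}</kc-tooltip>
        </div>

        <div class="form-group">
          <label class="col-md-2 control-label" for="xContentTypeOptions"><a href="https://www.owasp.org/index.php/List_of_useful_HTTP_headers" target="_blank" rel="noopener noreferrer">{{:: 'content-type-options' | translate}}</a></label>
          <div class="col-sm-6">
            <input class="form-control" id="xContentTypeOptions" type="text" ng-model="realm.browserSecurityHeaders.xContentTypeOptions">
          </div>
          <kc-tooltip>{{:: 'content-type-options-tooltip' | translate}}</kc-tooltip>
        </div>

        <div class="form-group">
          <!-- The label points at xRobotsTag, the id of the input in this group. -->
          <label class="col-md-2 control-label" for="xRobotsTag"><a href="https://developers.google.com/webmasters/control-crawl-index/docs/robots_meta_tag" target="_blank" rel="noopener noreferrer">{{:: 'robots-tag' | translate}}</a></label>
          <div class="col-sm-6">
            <input class="form-control" id="xRobotsTag" type="text" ng-model="realm.browserSecurityHeaders.xRobotsTag">
          </div>
          <kc-tooltip>{{:: 'robots-tag-tooltip' | translate}}</kc-tooltip>
        </div>

        <div class="form-group">
          <label class="col-md-2 control-label" for="xXSSProtection"><a href="https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#xxxsp" target="_blank" rel="noopener noreferrer">{{:: 'x-xss-protection' | translate}}</a></label>
          <div class="col-sm-6">
            <input class="form-control" id="xXSSProtection" type="text" ng-model="realm.browserSecurityHeaders.xXSSProtection">
          </div>
          <kc-tooltip>{{:: 'x-xss-protection-tooltip' | translate}}</kc-tooltip>
        </div>

        <div class="form-group">
          <label class="col-md-2 control-label" for="strictTransportSecurity"><a href="https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#hsts" target="_blank" rel="noopener noreferrer">{{:: 'strict-transport-security' | translate}}</a></label>
          <div class="col-sm-6">
            <input class="form-control" id="strictTransportSecurity" type="text" ng-model="realm.browserSecurityHeaders.strictTransportSecurity">
          </div>
          <kc-tooltip>{{:: 'strict-transport-security-tooltip' | translate}}</kc-tooltip>
        </div>
      </fieldset>

      <!-- Save and cancel are shown only with manageRealm access and stay disabled until "changed" is set. -->
      <div class="form-group" data-ng-show="access.manageRealm">
        <div class="col-md-10 col-md-offset-2">
          <button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
          <button kc-reset data-ng-disabled="!changed">{{:: 'cancel' | translate}}</button>
        </div>
      </div>
    </form>
  </div>

  <kc-menu></kc-menu>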