From 9c5213c14d50bb6b3c743bd2a542f9e5f79c929a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Bonhomme?= <cedric@cedricbonhomme.org>
Date: Thu, 4 Apr 2019 13:54:23 +0200
Subject: [PATCH] Added some HTTPS headers in order to improve privacy and
 security.

---
 INSTALL/INSTALL.rhel7.md      | 7 +++++++
 INSTALL/INSTALL.ubuntu1604.md | 7 +++++++
 INSTALL/INSTALL.ubuntu1804.md | 7 +++++++
 vagrant/bootstrap.sh          | 8 ++++++++
 4 files changed, 29 insertions(+)

diff --git a/INSTALL/INSTALL.rhel7.md b/INSTALL/INSTALL.rhel7.md
index f1a9fa7..d382618 100644
--- a/INSTALL/INSTALL.rhel7.md
+++ b/INSTALL/INSTALL.rhel7.md
@@ -121,4 +121,11 @@ Set file ownership for monarc installation
         Require all granted
     </Directory>
 
+    <IfModule mod_headers.c>
+       Header always set X-Content-Type-Options nosniff
+       Header always set X-XSS-Protection "1; mode=block"
+       Header always set X-Robots-Tag none
+       Header always set X-Frame-Options SAMEORIGIN
+    </IfModule>
+
     SetEnv APPLICATION_ENV "development"
diff --git a/INSTALL/INSTALL.ubuntu1604.md b/INSTALL/INSTALL.ubuntu1604.md
index 4789206..c74d409 100644
--- a/INSTALL/INSTALL.ubuntu1604.md
+++ b/INSTALL/INSTALL.ubuntu1604.md
@@ -42,6 +42,13 @@ Especially by setting a strong root password.
             Require all granted
         </Directory>
 
+        <IfModule mod_headers.c>
+           Header always set X-Content-Type-Options nosniff
+           Header always set X-XSS-Protection "1; mode=block"
+           Header always set X-Robots-Tag none
+           Header always set X-Frame-Options SAMEORIGIN
+        </IfModule>
+
         SetEnv APPLICATION_ENV "development"
     </VirtualHost>
 
diff --git a/INSTALL/INSTALL.ubuntu1804.md b/INSTALL/INSTALL.ubuntu1804.md
index fd09ee9..ef3d23e 100644
--- a/INSTALL/INSTALL.ubuntu1804.md
+++ b/INSTALL/INSTALL.ubuntu1804.md
@@ -42,6 +42,13 @@ Especially by setting a strong root password.
             Require all granted
         </Directory>
 
+        <IfModule mod_headers.c>
+           Header always set X-Content-Type-Options nosniff
+           Header always set X-XSS-Protection "1; mode=block"
+           Header always set X-Robots-Tag none
+           Header always set X-Frame-Options SAMEORIGIN
+        </IfModule>
+
         SetEnv APPLICATION_ENV "development"
     </VirtualHost>
 
diff --git a/vagrant/bootstrap.sh b/vagrant/bootstrap.sh
index a46a77e..f707707 100644
--- a/vagrant/bootstrap.sh
+++ b/vagrant/bootstrap.sh
@@ -82,6 +82,7 @@ done
 echo -e "\n--- Enabling mod-rewrite and ssl… ---\n"
 a2enmod rewrite > /dev/null 2>&1
 a2enmod ssl > /dev/null 2>&1
+a2enmod headers > /dev/null 2>&1
 
 echo -e "\n--- Allowing Apache override to all ---\n"
 sudo sed -i "s/AllowOverride None/AllowOverride All/g" /etc/apache2/apache2.conf
@@ -162,6 +163,13 @@ cat > /etc/apache2/sites-enabled/000-default.conf <<EOF
         Require all granted
     </Directory>
 
+    <IfModule mod_headers.c>
+       Header always set X-Content-Type-Options nosniff
+       Header always set X-XSS-Protection "1; mode=block"
+       Header always set X-Robots-Tag none
+       Header always set X-Frame-Options SAMEORIGIN
+    </IfModule>
+
     SetEnv APPLICATION_ENV $ENVIRONMENT
     SetEnv APP_DIR $PATH_TO_MONARC
 </VirtualHost>