Configuring Policy Editor security headers
Use an options file to configure the Policy Editor.
About this task
You can configure the Policy Editor to add certain security headers to its responses for calls to the UI resources by editing the securityHeaders section of the options file. Supported headers are X-Frame-Options, Content-Security-Policy, and Access-Control-Allow-Origin. By default, X-Frame-Options is set to deny and the other two headers remain unset.
Steps
- Make a copy of the default options file.
  $ cp config/options.yml my-options.yml
- To configure Policy Editor security headers, edit the securityHeaders section of the new options file. The file contains commented-out examples of the different security headers.
  - Duplicate the desired security header, uncomment it, and modify its value according to your deployment.
    Indentation in the options.yml file is significant. When removing comment hashes, make sure the file retains valid YAML indentation.
    The following example shows the X-Frame-Options header duplicated and modified:
    securityHeaders:
      # Configure the values that the Policy Editor will set in its
      # responses for the X-Frame-Options, Content-Security-Policy, and/or
      # Access-Control-Allow-Origin HTTP security headers here.
      #
      # X-Frame-Options: "deny"
      # Content-Security-Policy: "default-src https:"
      # Access-Control-Allow-Origin: "*"
      X-Frame-Options: "sameorigin"
- Stop the Policy Editor.
  $ bin/stop-server
- Run setup using the --optionsFile argument.
  $ bin/setup demo \
      --adminUsername admin \
      --generateSelfSignedCertificate \
      --decisionPointSharedSecret pingauthorize \
      --hostname <pap-hostname> \
      --port <pap-port> \
      --adminPort <admin-port> \
      --licenseKeyFile <path-to-license> \
      --optionsFile my-options.yml
- Start the Policy Editor.
  $ bin/start-server
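After the restart, it is worth confirming that the headers configured in my-options.yml are actually present on the responses the Policy Editor sends, rather than trusting the YAML edit alone (a mis-indented entry silently falls outside the securityHeaders section). The following POSIX shell script is an added example, not part of the PingAuthorize documentation. It assumes curl is installed, that the Policy Editor URL is supplied in a PAP_URL environment variable (a placeholder such as https://<pap-hostname>:<pap-port>/), and it applies its own simple policy: X-Frame-Options must be deny or sameorigin, Content-Security-Policy should be set, and an Access-Control-Allow-Origin of "*" is flagged as overly permissive.

```shell
#!/bin/sh
# Added example (not from the PingAuthorize docs): verify the security
# headers the Policy Editor returns after setup with --optionsFile.

# header_value NAME: reads raw response headers on stdin and prints the
# value of header NAME (case-insensitive match on the name). Exit 1 if absent.
header_value() {
  want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  tr -d '\r' | awk -v want="$want" '
    index($0, ":") > 0 {
      name = tolower(substr($0, 1, index($0, ":") - 1))
      if (name == want) {
        value = substr($0, index($0, ":") + 1)
        sub(/^[ \t]+/, "", value)
        print value
        found = 1
      }
    }
    END { exit found ? 0 : 1 }'
}

# check_security_headers: reads raw response headers on stdin, prints one
# finding per header, and returns the number of problems found (0 = all good).
check_security_headers() {
  headers=$(cat)
  problems=0

  # X-Frame-Options: the page's default is deny; sameorigin is the example value.
  xfo=$(printf '%s\n' "$headers" | header_value X-Frame-Options | tr 'A-Z' 'a-z')
  case "$xfo" in
    deny|sameorigin) echo "ok: X-Frame-Options=$xfo" ;;
    "")              echo "MISSING: X-Frame-Options (check securityHeaders indentation)"
                     problems=$((problems + 1)) ;;
    *)               echo "WEAK: X-Frame-Options=$xfo"
                     problems=$((problems + 1)) ;;
  esac

  # Content-Security-Policy: unset by default, so its absence usually means
  # the commented example was never uncommented.
  csp=$(printf '%s\n' "$headers" | header_value Content-Security-Policy)
  if [ -n "$csp" ]; then
    echo "ok: Content-Security-Policy=$csp"
  else
    echo "MISSING: Content-Security-Policy"
    problems=$((problems + 1))
  fi

  # Access-Control-Allow-Origin: the wildcard from the commented example
  # lets any origin read UI responses; a specific origin or unset is preferred.
  acao=$(printf '%s\n' "$headers" | header_value Access-Control-Allow-Origin)
  case "$acao" in
    "")  echo "unset: Access-Control-Allow-Origin (browser same-origin default applies)" ;;
    "*") echo "WEAK: Access-Control-Allow-Origin is the wildcard *"
         problems=$((problems + 1)) ;;
    *)   echo "ok: Access-Control-Allow-Origin=$acao" ;;
  esac

  return "$problems"
}

# Run against a live Policy Editor only when PAP_URL is set. -k is used
# because the setup command above generates a self-signed certificate;
# replace it with --cacert <pap-cert> once a trusted certificate is in place.
if [ -n "${PAP_URL:-}" ]; then
  curl -skI "$PAP_URL" | check_security_headers
fi
```

Run it as `PAP_URL=https://<pap-hostname>:<pap-port>/ sh check-headers.sh`; a non-zero exit status is the count of findings, which makes it easy to wire into a post-deploy check.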