Add api security headers by AdriiiPRodri · Pull Request #7138 · wazuh/wazuh

AdriiiPRodri · 2021-01-11T12:55:59Z

Related issue
#7024

Description

Hi team,

As we stated in issue #7024, we did not follow the recommended security standard regarding the headers of the API responses. This PR closes #7024. In this PR he have added missing secure headers for API responses.

adriiiprodri@wazuh curl -k -u wazuh:wazuh -D- https://localhost:55040/security/user/authenticate
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Server: Wazuh
Strict-Transport-Security: max-age=63072000; includeSubdomains
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: none
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Pragma: no-cache
Expires: 0
Cache-control: no-cache, no-store, must-revalidate, max-age=0
Content-Length: 300
Date: Thu, 24 Dec 2020 10:01:02 GMT

{"data": {"token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJ3YXp1aCIsImF1ZCI6IldhenVoIEFQSSBSRVNUIiwibmJmIjoxNjA4ODA0MDYyLCJleHAiOjE2MDg4MDc2NjIsInN1YiI6IndhenVoIiwicnVuX2FzIjpmYWxzZSwicmJhY19yb2xlcyI6WzFdLCJyYmFjX21vZGUiOiJ3aGl0ZSJ9.ffBh2wmdPEIGjNWTxPIRFIJ1gI_zaqgoqffQwjsUH4o"}, "error": 0}

Tests

adriiiprodri@wazuh python3 run_tests.py -k security -rbac no
Collected tests [4]:
test_security_DELETE_endpoints.tavern.yaml, test_security_GET_endpoints.tavern.yaml, test_security_POST_endpoints.tavern.yaml, test_security_PUT_endpoints.tavern.yaml


test_security_DELETE_endpoints.tavern.yaml 
         15 passed, 17 warnings

test_security_GET_endpoints.tavern.yaml 
         18 passed, 20 warnings

test_security_POST_endpoints.tavern.yaml 
         6 passed, 8 warnings

test_security_PUT_endpoints.tavern.yaml 
         8 passed, 10 warnings

AdriiiPRodri added 2 commits January 11, 2021 13:08

Add missing API security headers

baf6c89

Fix security integration tests

cbfb13a

AdriiiPRodri added the module/api label Jan 11, 2021

AdriiiPRodri requested a review from davidjiglesias January 11, 2021 12:55

AdriiiPRodri self-assigned this Jan 11, 2021

davidjiglesias approved these changes Jan 11, 2021

View reviewed changes

davidjiglesias changed the title ~~4.0.4 api security headers~~ Add api security headers Jan 11, 2021

davidjiglesias marked this pull request as ready for review January 11, 2021 13:08

davidjiglesias added this to the Sprint 123 - Framework milestone Jan 11, 2021

davidjiglesias merged commit f4f0786 into 4.0.4 Jan 11, 2021

davidjiglesias deleted the 4.0.4-api-security-headers branch January 11, 2021 13:09

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add api security headers#7138

Add api security headers#7138
davidjiglesias merged 2 commits into4.0.4from
4.0.4-api-security-headers

AdriiiPRodri commented Jan 11, 2021 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

AdriiiPRodri commented Jan 11, 2021 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Description

Tests

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

AdriiiPRodri commented Jan 11, 2021 •

edited

Loading