From 962a15e1e1ee6942377c8520bb96f58031abe536 Mon Sep 17 00:00:00 2001
From: Artiume <siderite@gmail.com>
Date: Tue, 11 Jun 2019 21:13:06 -0400
Subject: [PATCH] Update Organizr for HSTS Compliance

Adds update for HSTS Compliance.

frameDeny enabled will prevent Organizr from being iFrame'd.
---
 apps/organizr.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/apps/organizr.yml b/apps/organizr.yml
index 70530a1..2a89008 100644
--- a/apps/organizr.yml
+++ b/apps/organizr.yml
@@ -29,6 +29,16 @@
           traefik.enable: 'true'
           traefik.port: '{{intport}}'
           traefik.frontend.rule: 'Host:{{pgrole}}.{{domain.stdout}},{{tldset}}'
+          traefik.frontend.headers.SSLHost: '{{domain.stdout}}'
+          traefik.frontend.headers.SSLRedirect: 'true'
+          traefik.frontend.headers.STSIncludeSubdomains: 'true'
+          traefik.frontend.headers.STSPreload: 'true'
+          traefik.frontend.headers.STSSeconds: '315360000'
+          traefik.frontend.headers.browserXSSFilter: 'true'
+          traefik.frontend.headers.contentTypeNosniff: 'true'
+          traefik.frontend.headers.customResponseHeaders: 'X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex'
+          traefik.frontend.headers.forceSTSHeader: 'true'
+          traefik.frontend.headers.frameDeny: 'true'
 
     - name: 'Setting PG Volumes'
       set_fact: