From 0b010c00cc0dbf48c41d3465bc813a84931bde88 Mon Sep 17 00:00:00 2001
From: Kjeld Schouten
Date: Thu, 7 Mar 2024 17:12:48 +0100
Subject: [PATCH] fix(traefik): update default security configuration
Signed-off-by: Kjeld Schouten
---
 charts/enterprise/traefik/templates/middlewares/tc-headers.yaml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/charts/enterprise/traefik/templates/middlewares/tc-headers.yaml b/charts/enterprise/traefik/templates/middlewares/tc-headers.yaml
index b0500afc708..e8678d52c41 100644
--- a/charts/enterprise/traefik/templates/middlewares/tc-headers.yaml
+++ b/charts/enterprise/traefik/templates/middlewares/tc-headers.yaml
@@ -19,6 +19,7 @@ spec:
 accessControlMaxAge: 100
 browserXssFilter: true
 contentTypeNosniff: true
+ frameDeny: true
 customRequestHeaders:
 X-Forwarded-Proto: https
 customResponseHeaders:
@@ -51,6 +52,7 @@ spec:
 browserXssFilter: true
 sslForceHost: true
 referrerPolicy: same-origin
+ Content-Security-Policy: frame-ancestors 'self'; form-action 'self'
 customRequestHeaders:
 X-Forwarded-Proto: "https"
 customResponseHeaders:
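Review bot: `frameDeny: true` makes Traefik send `X-Frame-Options: DENY`, which blocks same-origin framing as well, while the second hunk of this commit permits it with `frame-ancestors 'self'`. If the two middlewares are meant to follow the same framing policy, add `customFrameOptionsValue: SAMEORIGIN` next to `frameDeny`; if this one denies all framing on purpose, say so in a comment such as `# deny all framing, including same-origin`. The value is a literal here, so as far as this hunk shows, a chart user whose application is legitimately embedded cannot relax it. The spec block starts and ends outside the hunk.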
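Review bot: The added key `Content-Security-Policy` is not an option name of Traefik's headers middleware; the option is `contentSecurityPolicy`. Indentation is lost in this view, but the line sits between `referrerPolicy` and `customRequestHeaders`, so it appears to be a direct headers option rather than an entry under `customResponseHeaders`, and in that position the policy would probably be dropped or rejected by the CRD schema instead of reaching the browser. Use `contentSecurityPolicy: "frame-ancestors 'self'; form-action 'self'"`, quoted because the value carries quotes and a semicolon. `form-action 'self'` also stops forms that post to another origin, for example a login page on a separate subdomain, so it is worth confirming against the applications routed through this middleware.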