
sbp pushed a commit to branch sbp
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git

commit c550a9d4b0e1ab89d23ecf78da808e1cc86e317f
Author: Sean B. Palmer <[email protected]>
AuthorDate: Wed Mar 11 17:58:59 2026 +0000

    Remove headers that are now set in the frontend proxy
---
 atr/server.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/atr/server.py b/atr/server.py
index 126c4680..51a6577b 100644
--- a/atr/server.py
+++ b/atr/server.py
@@ -566,10 +566,10 @@ def _app_setup_security_headers(app: base.QuartApp) -> 
None:
         response.headers["Content-Security-Policy"] = csp_header
         response.headers["Permissions-Policy"] = permissions_policy
         response.headers["Referrer-Policy"] = "same-origin"
-        response.headers["X-Content-Type-Options"] = "nosniff"
-        response.headers["X-Frame-Options"] = "DENY"
+        # audit_guidance we set X-Content-Type-Options: nosniff in our 
frontend proxy
+        # audit_guidance we set X-Frame-Options: DENY in our frontend proxy
         response.headers["X-Permitted-Cross-Domain-Policies"] = "none"
-        response.headers["Strict-Transport-Security"] = "max-age=31536000; 
includeSubDomains"
+        # audit_guidance we set Strict-Transport-Security: max-age=63072000; 
includeSubDomains in our frontend proxy
         return response
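Review bot: Once the three assignments become `# audit_guidance` comments, nothing in `_app_setup_security_headers` ensures that X-Content-Type-Options, X-Frame-Options and Strict-Transport-Security reach the client. Any response served without the frontend proxy in front (local development, tests, a direct route to the app, or a proxy configuration regression) now goes out without them. The comments should name where the proxy sets each header, for example `# audit_guidance X-Frame-Options: DENY is set in the frontend proxy, see <proxy config path>`, and a deployment check should assert all three headers on a response fetched through the proxy. Whether the app still blocks framing by itself depends on `csp_header` carrying a `frame-ancestors` directive; that value is built outside this hunk, as is the start of the function, so confirm it before relying on the proxy alone. The HSTS comment records `max-age=63072000` where the removed line sent `31536000`, so this comment is the only in-repo record of the new value and will drift if the proxy setting changes.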
 
 

