Re: X-Content-Type-Options and strict-transport-security

2020-07-02 Thread Joan Touzet
Best option: use a reverse proxy like haproxy or nginx to inject these. You can also terminate SSL at this layer for better SSL support and performance.

-Joan

On 02/07/2020 05:01, Mody, Darshan Arvindkumar (Darshan) wrote:
> Hi In our project we would like to set the header

X-Content-Type-Options and strict-transport-security

2020-07-02 Thread Mody, Darshan Arvindkumar (Darshan)
Hi,

In our project we would like to set the headers X-Content-Type-Options and strict-transport-security whenever CouchDB responds to a request. How can we set the headers?

Thanks in advance.

Regards,
Darshan

Re: Way to disable the management GUI

2020-07-02 Thread Jan Lehnardt
Hi Darshan,

Fauxton, the management GUI, is just a web app that uses the CouchDB API that your application uses as well. The way to secure CouchDB is to secure who has access to the API. Whether or not the management GUI is present makes no difference. For example, if you have a CouchDB API

Way to disable the management GUI

2020-07-02 Thread Mody, Darshan Arvindkumar (Darshan)
Hi,

We are using CouchDB as the database in our project. One of the concerns from the Security team is the management GUI, which can lead to vulnerabilities. Is there a way to disable the management GUI?

Thanks,
Darshan