Sidebar

Enabling Security Headers on QIE

0 votes
123 views
asked Jun 3, 2022 by bruce-kulback-k-6781 (120 points)
So, we followed a number of threads and were able to run QIE on an Ubuntu 22.04 instance as a non-root user using HTTPS and a Let's Encrypt certificate. However, our security scanner is reporting that we should be setting Content Security Policy (CSP) headers and others (X-Content-Type-Options for example).

1) How can these headers be set?

2) Are there recommended values for increasing the web-interface security posture - short of blocking Internet access?

Thank you.

1 Answer

0 votes
There is not a way to change these headers for the management console.  The QIE management console is not intended to be exposed to the internet; i.e. allow only access from within the local network.
answered Jun 3, 2022 by jon-t-7005 (7,590 points)
...