Re: X-Content-Type-Options and strict-transport-security

2020-07-02 Thread Sebastien
Given that CouchDB exposes its functionality over HTTP through a RESTful API, IMHO it should allow to define such important http headers for security directly. Only being able to rely on additional infrastructure to secure the system is problematic. Indeed many production deployments will have such

Re: X-Content-Type-Options and strict-transport-security

2020-07-02 Thread Johs Ensby
Yes, it all depends on your definition of "long term" in your project in relation to your estimation of the arrival of 4.0 j:)

> On 3 Jul 2020, at 08:29, Mody, Darshan Arvindkumar (Darshan) wrote:
>
> Thanks but the list functions are marked deprecated, so it would not be a long-term solution

RE: X-Content-Type-Options and strict-transport-security

2020-07-02 Thread Mody, Darshan Arvindkumar (Darshan)
Thanks but the list functions are marked deprecated, so it would not be a long-term solution

Thanks
Darshan

-----Original Message-----
From: Johs Ensby
Sent: Friday, July 3, 2020 11:58 AM
To: user@couchdb.apache.org
Subject: Re: X-Content-Type-Options and strict-transport-security

Hi Darshan, I h

Re: X-Content-Type-Options and strict-transport-security

2020-07-02 Thread Johs Ensby
Hi Darshan, I haven't tried this header, but you should be able to include it in the "start" from a design document list function https://docs.couchdb.org/en/stable/ddocs/ddocs.html#list-functions by adding another property to the headers object: `start({ 'headers': {`

Re: X-Content-Type-Options and strict-transport-security

2020-07-02 Thread Joan Touzet
Best option: use a reverse proxy like haproxy or nginx to inject these. You can also terminate SSL at this layer for better SSL support and performance.

-Joan

On 02/07/2020 05:01, Mody, Darshan Arvindkumar (Darshan) wrote:
> Hi In our project we would like to set the header X-Content-Type-Opti
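As an added illustration of the reverse-proxy approach Joan describes (this is example configuration written for this page, not from the thread, the CouchDB project or its documentation): an nginx server block that terminates TLS, forwards to a CouchDB instance assumed to be bound to 127.0.0.1:5984, and injects the two headers Darshan asked about. The hostname, certificate paths and HSTS max-age are placeholder assumptions to adapt to your deployment.

```nginx
# Added example configuration, not part of the original thread.
# Assumptions: CouchDB listens only on 127.0.0.1:5984 (not exposed directly),
# the hostname and certificate paths below are placeholders.

server {
    listen 80;
    server_name couch.example.org;          # placeholder hostname
    return 301 https://$host$request_uri;   # send plain-HTTP clients to TLS
}

server {
    listen 443 ssl;
    server_name couch.example.org;          # placeholder hostname

    ssl_certificate     /etc/ssl/certs/couch.example.org.pem;    # placeholder path
    ssl_certificate_key /etc/ssl/private/couch.example.org.key;  # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    # The two headers requested in the thread. "always" makes nginx attach them
    # to 4xx/5xx responses as well, which matters because CouchDB error responses
    # are ordinary JSON bodies and should carry the same protections.
    add_header X-Content-Type-Options "nosniff" always;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    location / {
        proxy_pass http://127.0.0.1:5984;
        proxy_http_version 1.1;

        # Pass the original host and scheme so CouchDB builds correct URLs
        # and so logs record the real client address.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;

        # Keep long-lived responses (e.g. _changes?feed=continuous) streaming
        # instead of being buffered by the proxy.
        proxy_buffering off;
        proxy_read_timeout 600s;
    }
}
```

Two caveats worth checking after deploying: nginx's `add_header` directives are inherited by a `location` block only if that block declares no `add_header` of its own, so any later location-level header you add must repeat both lines; and HSTS is only meaningful once the certificate is valid, so confirm with `curl -sI https://couch.example.org/` that both headers appear on a normal response and on an error response such as a request for a non-existent database.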

X-Content-Type-Options and strict-transport-security

2020-07-02 Thread Mody, Darshan Arvindkumar (Darshan)
Hi, in our project we would like to set the headers X-Content-Type-Options and strict-transport-security whenever CouchDB responds to a request. How can we set the headers? Thanks in advance. Regards, Darshan

Re: Way to disable the management GUI

2020-07-02 Thread Jan Lehnardt
Hi Darshan, Fauxton, the management GUI, is just a web app that uses the CouchDB API that your application uses as well. The way to secure CouchDB is to secure who has access to the API. Whether or not the management GUI is present makes no difference. For example, if you have a CouchDB API en

Way to disable the management GUI

2020-07-02 Thread Mody, Darshan Arvindkumar (Darshan)
Hi, we are using CouchDB as the database in our project. One of the concerns from the Security team is the management GUI, which can lead to vulnerabilities. Is there a way to disable the management GUI? Thanks, Darshan