EPMRPP-78457 || Security improvements (#3193)

reportportal · Jul 25, 2022 · 5a6560b · 5a6560b
1 parent 3b09378
commit 5a6560b
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 5 deletions.
diff --git a/app/src/pages/outside/loginPage/pageBlocks/loginBlock/loginForm/loginForm.jsx b/app/src/pages/outside/loginPage/pageBlocks/loginBlock/loginForm/loginForm.jsx
@@ -232,6 +232,7 @@ export class LoginForm extends React.Component {
                 icon={PasswordIcon}
                 placeholder={formatMessage(messages.password)}
                 type="password"
+                autocomplete="off"
               />
             </FieldErrorHint>
           </FieldProvider>

diff --git a/nginx.conf b/nginx.conf
@@ -31,25 +31,27 @@ http {
         index  index.html;
 
         add_header Content-Security-Policy "object-src 'none'; default-src 'self' data: 'unsafe-inline' *.uservoice.com; script-src 'self' 'unsafe-eval' status.reportportal.io www.google-analytics.com stats.g.doubleclick.net *.saucelabs.com *.epam.com *.uservoice.com *.rawgit.com; worker-src 'self' blob:; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.rawgit.com; style-src-elem 'self' data: 'unsafe-inline' *.googleapis.com *.rawgit.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com; media-src 'self' *.saucelabs.com blob:; img-src * 'self' data: blob: 'unsafe-inline' http: https: www.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' https://webto.salesforce.com";
+        add_header X-Content-Type-Options "nosniff";
+        add_header X-XSS-Protection "1; mode=block";
 
         #fallback
         location / {
-          try_files $uri /index.html;
+            try_files $uri /index.html;
         }
 
         # media, fonts
         location ~* ([^/\\&\?]+\.+(jpg|jpeg|png|gif|eot|otf|webp|svg|ttf|woff|woff2))$ {
-          try_files $uri /media/$1 404;
+            try_files $uri /media/$1 404;
         }
 
         # assets
         location ~* ([^/\\&\?]+\.+(js|css|ico))$ {
-          try_files $uri /$1 404;
+            try_files $uri /$1 404;
         }
 
         # build info
         location /info {
-          try_files $uri /buildInfo.json 404;
+            try_files $uri /buildInfo.json 404;
         }
     }
-  }
+}