diff --git a/conf/openmetadata.yaml b/conf/openmetadata.yaml
index 252acbfccc1..2a55441a18a 100644
--- a/conf/openmetadata.yaml
+++ b/conf/openmetadata.yaml
@@ -315,15 +315,26 @@ applicationConfig:
 web:
- uriPath: /api
+ uriPath: ${WEB_CONF_URI_PATH:-"/api"}
 hsts:
- enabled: true
+ enabled: ${WEB_CONF_HSTS_ENABLED:-false}
+ maxAge: ${WEB_CONF_HSTS_MAX_AGE:-"365 days"}
+ includeSubDomains: ${WEB_CONF_HSTS_INCLUDE_SUBDOMAINS:-"true"}
+ preload: ${WEB_CONF_HSTS_PRELOAD:-"true"}
 frame-options:
- enabled: true
+ enabled: ${WEB_CONF_FRAME_OPTION_ENABLED:-false}
+ option: ${WEB_CONF_FRAME_OPTION:-"SAMEORIGIN"}
+ origin: ${WEB_CONF_FRAME_ORIGIN:-""}
 content-type-options:
- enabled: true
+ enabled: ${WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED:-false}
 xss-protection:
- enabled: true
+ enabled: ${WEB_CONF_XSS_PROTECTION_ENABLED:-false}
+ on: ${WEB_CONF_XSS_PROTECTION_ON:-true}
+ block: ${WEB_CONF_XSS_PROTECTION_BLOCK:-true}
+ csp:
+ enabled: ${WEB_CONF_XSS_CSP_ENABLED:-false}
+ policy: ${WEB_CONF_XSS_CSP_POLICY:-"default-src 'self'"}
+ reportOnlyPolicy: ${WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY:-""}
 changeEventConfig:
 omUri: ${OM_URI:- "http://localhost:8585"} #openmetadata in om uri for eg http://localhost:8585
diff --git a/docker/docker-compose-openmetadata/docker-compose-openmetadata-postgres.yml b/docker/docker-compose-openmetadata/docker-compose-openmetadata-postgres.yml
index 755e9d9afc5..34530fa444d 100644
--- a/docker/docker-compose-openmetadata/docker-compose-openmetadata-postgres.yml
+++ b/docker/docker-compose-openmetadata/docker-compose-openmetadata-postgres.yml
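Review bot: In conf/openmetadata.yaml the new fallbacks switch off four response headers that were hard-coded on before: `hsts`, `frame-options`, `content-type-options` and `xss-protection` all go from `enabled: true` to `${...:-false}`, so a deployment that sets no `WEB_CONF_*` variables loses its clickjacking and MIME-sniffing headers on upgrade. Unless that opt-out is intended, keep the previous behaviour as the fallback, e.g. `enabled: ${WEB_CONF_FRAME_OPTION_ENABLED:-true}` and `enabled: ${WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED:-true}`; if it is intended, the commit description should say so. The same `false` values are repeated in the four docker-compose hunks and the two env-file hunks, so they need to change together. Separately, `preload` falling back to `"true"` alongside a 365-day `maxAge` means an operator who only flips `WEB_CONF_HSTS_ENABLED` also emits the preload directive, which is slow to undo once a domain is listed; `false` is the safer fallback there.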
@@ -131,6 +131,29 @@ services:
 OM_JWT_EXPIRY_TIME: ${OM_JWT_EXPIRY_TIME:-3600}
 # Mask passwords values in UI
 MASK_PASSWORDS_API: ${MASK_PASSWORDS_API:-false}
+
+ #OpenMetadata Web Configuration
+ WEB_CONF_URI_PATH: ${WEB_CONF_URI_PATH:-"/api"}
+ #HSTS
+ WEB_CONF_HSTS_ENABLED: ${WEB_CONF_HSTS_ENABLED:-false}
+ WEB_CONF_HSTS_MAX_AGE: ${WEB_CONF_HSTS_MAX_AGE:-"365 days"}
+ WEB_CONF_HSTS_INCLUDE_SUBDOMAINS: ${WEB_CONF_HSTS_INCLUDE_SUBDOMAINS:-"true"}
+ WEB_CONF_HSTS_PRELOAD: ${WEB_CONF_HSTS_PRELOAD:-"true"}
+ #Frame Options
+ WEB_CONF_FRAME_OPTION_ENABLED: ${WEB_CONF_FRAME_OPTION_ENABLED:-false}
+ WEB_CONF_FRAME_OPTION: ${WEB_CONF_FRAME_OPTION:-"SAMEORIGIN"}
+ WEB_CONF_FRAME_ORIGIN: ${WEB_CONF_FRAME_ORIGIN:-""}
+ #Content Type
+ WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED: ${WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED:-false}
+ #XSS-Protection
+ WEB_CONF_XSS_PROTECTION_ENABLED: ${WEB_CONF_XSS_PROTECTION_ENABLED:-false}
+ WEB_CONF_XSS_PROTECTION_ON: ${WEB_CONF_XSS_PROTECTION_ON:-true}
+ WEB_CONF_XSS_PROTECTION_BLOCK: ${WEB_CONF_XSS_PROTECTION_BLOCK:-true}
+ #CSP
+ WEB_CONF_XSS_CSP_ENABLED: ${WEB_CONF_XSS_CSP_ENABLED:-false}
+ WEB_CONF_XSS_CSP_POLICY: ${WEB_CONF_XSS_CSP_POLICY:-"default-src 'self'"}
+ WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY: ${WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY:-""}
+
 expose:
 - 8585
 - 8586
diff --git a/docker/docker-compose-openmetadata/docker-compose-openmetadata.yml b/docker/docker-compose-openmetadata/docker-compose-openmetadata.yml
index 1f1fd7a6b35..ce59170ac04 100644
--- a/docker/docker-compose-openmetadata/docker-compose-openmetadata.yml
+++ b/docker/docker-compose-openmetadata/docker-compose-openmetadata.yml
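Review bot: In docker-compose-openmetadata-postgres.yml the quoted fallbacks such as `${WEB_CONF_HSTS_MAX_AGE:-"365 days"}` and `${WEB_CONF_FRAME_ORIGIN:-""}` sit inside plain YAML scalars, so the inner double quotes are most likely passed to the container as part of the value, whereas the env files in this commit would normally deliver the same settings with the quotes stripped. That stays harmless only as long as the value is later re-parsed as YAML, which cannot be confirmed from this hunk. Quoting the whole scalar keeps both paths identical, e.g. `WEB_CONF_HSTS_MAX_AGE: "${WEB_CONF_HSTS_MAX_AGE:-365 days}"`. The other three docker-compose hunks carry the same lines, and the `environment:` mapping they extend starts outside the hunk.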
@@ -123,6 +123,29 @@ services:
 # Heap OPTS Configurations
 OPENMETADATA_HEAP_OPTS: ${OPENMETADATA_HEAP_OPTS:--Xmx1G -Xms1G}
+
+ #OpenMetadata Web Configuration
+ WEB_CONF_URI_PATH: ${WEB_CONF_URI_PATH:-"/api"}
+ #HSTS
+ WEB_CONF_HSTS_ENABLED: ${WEB_CONF_HSTS_ENABLED:-false}
+ WEB_CONF_HSTS_MAX_AGE: ${WEB_CONF_HSTS_MAX_AGE:-"365 days"}
+ WEB_CONF_HSTS_INCLUDE_SUBDOMAINS: ${WEB_CONF_HSTS_INCLUDE_SUBDOMAINS:-"true"}
+ WEB_CONF_HSTS_PRELOAD: ${WEB_CONF_HSTS_PRELOAD:-"true"}
+ #Frame Options
+ WEB_CONF_FRAME_OPTION_ENABLED: ${WEB_CONF_FRAME_OPTION_ENABLED:-false}
+ WEB_CONF_FRAME_OPTION: ${WEB_CONF_FRAME_OPTION:-"SAMEORIGIN"}
+ WEB_CONF_FRAME_ORIGIN: ${WEB_CONF_FRAME_ORIGIN:-""}
+ #Content Type
+ WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED: ${WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED:-false}
+ #XSS-Protection
+ WEB_CONF_XSS_PROTECTION_ENABLED: ${WEB_CONF_XSS_PROTECTION_ENABLED:-false}
+ WEB_CONF_XSS_PROTECTION_ON: ${WEB_CONF_XSS_PROTECTION_ON:-true}
+ WEB_CONF_XSS_PROTECTION_BLOCK: ${WEB_CONF_XSS_PROTECTION_BLOCK:-true}
+ #CSP
+ WEB_CONF_XSS_CSP_ENABLED: ${WEB_CONF_XSS_CSP_ENABLED:-false}
+ WEB_CONF_XSS_CSP_POLICY: ${WEB_CONF_XSS_CSP_POLICY:-"default-src 'self'"}
+ WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY: ${WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY:-""}
+
 expose:
 - 8585
 - 8586
diff --git a/docker/docker-compose-openmetadata/env-mysql b/docker/docker-compose-openmetadata/env-mysql
index e7bf70e67de..11c2062b289 100644
--- a/docker/docker-compose-openmetadata/env-mysql
+++ b/docker/docker-compose-openmetadata/env-mysql
@@ -50,3 +50,19 @@ OM_LOGIN_ACCESS_BLOCK_TIME=600
 OM_JWT_EXPIRY_TIME=3600
 # Mask passwords values in UI
 MASK_PASSWORDS_API="false"
+#WebConfiguration
+WEB_CONF_URI_PATH="/api"
+WEB_CONF_HSTS_ENABLED=false
+WEB_CONF_HSTS_MAX_AGE="365 days"
+WEB_CONF_HSTS_INCLUDE_SUBDOMAINS="true"
+WEB_CONF_HSTS_PRELOAD="true"
+WEB_CONF_FRAME_OPTION_ENABLED=false
+WEB_CONF_FRAME_OPTION="SAMEORIGIN"
+WEB_CONF_FRAME_ORIGIN=""
+WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED=false
+WEB_CONF_XSS_PROTECTION_ENABLED=false
+WEB_CONF_XSS_PROTECTION_ON=true
+WEB_CONF_XSS_PROTECTION_BLOCK=true
+WEB_CONF_XSS_CSP_ENABLED=false
+WEB_CONF_XSS_CSP_POLICY="default-src 'self'"
+WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY=""
diff --git a/docker/docker-compose-openmetadata/env-postgres b/docker/docker-compose-openmetadata/env-postgres
index 5ca660a30f4..36991c1fe11 100644
--- a/docker/docker-compose-openmetadata/env-postgres
+++ b/docker/docker-compose-openmetadata/env-postgres
@@ -49,4 +49,20 @@ OM_MAX_FAILED_LOGIN_ATTEMPTS=3
 OM_LOGIN_ACCESS_BLOCK_TIME=600
 OM_JWT_EXPIRY_TIME=3600
 # Mask passwords values in UI
-MASK_PASSWORDS_API="false"
\ No newline at end of file
+MASK_PASSWORDS_API="false"
+#WebConfiguration
+WEB_CONF_URI_PATH="/api"
+WEB_CONF_HSTS_ENABLED=false
+WEB_CONF_HSTS_MAX_AGE="365 days"
+WEB_CONF_HSTS_INCLUDE_SUBDOMAINS="true"
+WEB_CONF_HSTS_PRELOAD="true"
+WEB_CONF_FRAME_OPTION_ENABLED=false
+WEB_CONF_FRAME_OPTION="SAMEORIGIN"
+WEB_CONF_FRAME_ORIGIN=""
+WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED=false
+WEB_CONF_XSS_PROTECTION_ENABLED=false
+WEB_CONF_XSS_PROTECTION_ON=true
+WEB_CONF_XSS_PROTECTION_BLOCK=true
+WEB_CONF_XSS_CSP_ENABLED=false
+WEB_CONF_XSS_CSP_POLICY="default-src 'self'"
+WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY=""
\ No newline at end of file
diff --git a/docker/docker-compose-quickstart/docker-compose-postgres.yml b/docker/docker-compose-quickstart/docker-compose-postgres.yml
index 096d230c25d..49e8567b21a 100644
--- a/docker/docker-compose-quickstart/docker-compose-postgres.yml
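Review bot: In env-postgres the last added line, `WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY=""`, is again followed by `\ No newline at end of file`, so the file still ends without a newline and the next append will have to rewrite that line the way this hunk rewrites `MASK_PASSWORDS_API="false"`. End the file with a newline. In both env files the booleans are also written two ways (`WEB_CONF_HSTS_ENABLED=false` next to `WEB_CONF_HSTS_PRELOAD="true"`); pick one form so the values read consistently.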
+++ b/docker/docker-compose-quickstart/docker-compose-postgres.yml
@@ -171,6 +171,29 @@ services:
 OM_JWT_EXPIRY_TIME: ${OM_JWT_EXPIRY_TIME:-3600}
 # Mask passwords values in UI
 MASK_PASSWORDS_API: ${MASK_PASSWORDS_API:-false}
+
+ #OpenMetadata Web Configuration
+ WEB_CONF_URI_PATH: ${WEB_CONF_URI_PATH:-"/api"}
+ #HSTS
+ WEB_CONF_HSTS_ENABLED: ${WEB_CONF_HSTS_ENABLED:-false}
+ WEB_CONF_HSTS_MAX_AGE: ${WEB_CONF_HSTS_MAX_AGE:-"365 days"}
+ WEB_CONF_HSTS_INCLUDE_SUBDOMAINS: ${WEB_CONF_HSTS_INCLUDE_SUBDOMAINS:-"true"}
+ WEB_CONF_HSTS_PRELOAD: ${WEB_CONF_HSTS_PRELOAD:-"true"}
+ #Frame Options
+ WEB_CONF_FRAME_OPTION_ENABLED: ${WEB_CONF_FRAME_OPTION_ENABLED:-false}
+ WEB_CONF_FRAME_OPTION: ${WEB_CONF_FRAME_OPTION:-"SAMEORIGIN"}
+ WEB_CONF_FRAME_ORIGIN: ${WEB_CONF_FRAME_ORIGIN:-""}
+ #Content Type
+ WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED: ${WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED:-false}
+ #XSS-Protection
+ WEB_CONF_XSS_PROTECTION_ENABLED: ${WEB_CONF_XSS_PROTECTION_ENABLED:-false}
+ WEB_CONF_XSS_PROTECTION_ON: ${WEB_CONF_XSS_PROTECTION_ON:-true}
+ WEB_CONF_XSS_PROTECTION_BLOCK: ${WEB_CONF_XSS_PROTECTION_BLOCK:-true}
+ #CSP
+ WEB_CONF_XSS_CSP_ENABLED: ${WEB_CONF_XSS_CSP_ENABLED:-false}
+ WEB_CONF_XSS_CSP_POLICY: ${WEB_CONF_XSS_CSP_POLICY:-"default-src 'self'"}
+ WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY: ${WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY:-""}
+
 expose:
 - 8585
 - 8586
diff --git a/docker/docker-compose-quickstart/docker-compose.yml b/docker/docker-compose-quickstart/docker-compose.yml
index 48187f4726e..0d3e767ed88 100644
--- a/docker/docker-compose-quickstart/docker-compose.yml
+++ b/docker/docker-compose-quickstart/docker-compose.yml
@@ -171,6 +171,29 @@ services:
 OM_JWT_EXPIRY_TIME: ${OM_JWT_EXPIRY_TIME:-3600}
 # Mask passwords values in UI
 MASK_PASSWORDS_API: ${MASK_PASSWORDS_API:-false}
+
+ #OpenMetadata Web Configuration
+ WEB_CONF_URI_PATH: ${WEB_CONF_URI_PATH:-"/api"}
+ #HSTS
+ WEB_CONF_HSTS_ENABLED: ${WEB_CONF_HSTS_ENABLED:-false}
+ WEB_CONF_HSTS_MAX_AGE: ${WEB_CONF_HSTS_MAX_AGE:-"365 days"}
+ WEB_CONF_HSTS_INCLUDE_SUBDOMAINS: ${WEB_CONF_HSTS_INCLUDE_SUBDOMAINS:-"true"}
+ WEB_CONF_HSTS_PRELOAD: ${WEB_CONF_HSTS_PRELOAD:-"true"}
+ #Frame Options
+ WEB_CONF_FRAME_OPTION_ENABLED: ${WEB_CONF_FRAME_OPTION_ENABLED:-false}
+ WEB_CONF_FRAME_OPTION: ${WEB_CONF_FRAME_OPTION:-"SAMEORIGIN"}
+ WEB_CONF_FRAME_ORIGIN: ${WEB_CONF_FRAME_ORIGIN:-""}
+ #Content Type
+ WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED: ${WEB_CONF_CONTENT_TYPE_OPTIONS_ENABLED:-false}
+ #XSS-Protection
+ WEB_CONF_XSS_PROTECTION_ENABLED: ${WEB_CONF_XSS_PROTECTION_ENABLED:-false}
+ WEB_CONF_XSS_PROTECTION_ON: ${WEB_CONF_XSS_PROTECTION_ON:-true}
+ WEB_CONF_XSS_PROTECTION_BLOCK: ${WEB_CONF_XSS_PROTECTION_BLOCK:-true}
+ #CSP
+ WEB_CONF_XSS_CSP_ENABLED: ${WEB_CONF_XSS_CSP_ENABLED:-false}
+ WEB_CONF_XSS_CSP_POLICY: ${WEB_CONF_XSS_CSP_POLICY:-"default-src 'self'"}
+ WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY: ${WEB_CONF_XSS_CSP_REPORT_ONLY_POLICY:-""}
+
 expose:
 - 8585
 - 8586