import ceph 15.2.10
[ceph.git] / ceph / src / pybind / mgr / dashboard / services / auth.py
index bbb8a2ecfe11c664663f3943982d383691c0c456..e9bf1bbd419ca4863dd7d84edd36017f76a0173b 100644 (file)
@@ -15,6 +15,13 @@ import jwt
 from .access_control import LocalAuthenticator, UserDoesNotExist
 from .. import mgr
 
+cherrypy.config.update({
+    'response.headers.server': 'Ceph-Dashboard',
+    'response.headers.content-security-policy': "frame-ancestors 'self';",
+    'response.headers.x-content-type-options': 'nosniff',
+    'response.headers.strict-transport-security': 'max-age=63072000; includeSubDomains; preload'
+})
+
 
 class JwtManager(object):
     JWT_TOKEN_BLACKLIST_KEY = "jwt_token_black_list"
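Review bot: The Strict-Transport-Security value on the last added header line sets `includeSubDomains; preload` with a two-year max-age, unconditionally and at import time. A browser that reaches the dashboard over HTTPS will then require HTTPS for every subdomain of that host for the whole period, which can break sibling services sharing the domain, and nothing in this hunk ties the header to whether the dashboard is actually served over TLS. I would scope it to the dashboard host, e.g. `'response.headers.strict-transport-security': 'max-age=63072000'`, or set it only when SSL is enabled, and add a comment above the block such as `# Global response hardening: applied to every CherryPy response once this module is imported`. The CSP carries only `frame-ancestors`, so browsers that ignore that directive get no framing protection unless `X-Frame-Options` is set elsewhere.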
@@ -116,7 +123,7 @@ class JwtManager(object):
 
     @classmethod
     def blacklist_token(cls, token):
-        token = jwt.decode(token, verify=False)
+        token = cls.decode_token(token)
         blacklist_json = mgr.get_store(cls.JWT_TOKEN_BLACKLIST_KEY)
         if not blacklist_json:
             blacklist_json = "{}"
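Review bot: `blacklist_token` now depends on `cls.decode_token(token)` succeeding, so any exception that helper raises for an invalid or expired token propagates to the caller and the token is not blacklisted. `decode_token` is defined outside this hunk, so its exact failure behaviour is not visible here; if it raises on expiry, callers such as a logout path should catch that and treat the token as already invalid rather than returning an error. A docstring would make the new contract explicit, e.g. `"""Blacklist a token that passes decode_token verification; decode errors propagate to the caller."""`. The method body continues past the end of the hunk.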