)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":8898,"name":"Chris Wedgwood","email":"cw@f00f.org","username":"anticw"},"change_message_id":"c1418770461fe26f4bf798c8e40e82affe2ee51b","unresolved":false,"context_lines":[{"line_number":14,"context_line":"is to protect against drag and drop clickjacking attacks in older"},{"line_number":15,"context_line":"browsers"},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"Added new Content-Security-Policy: script-src self for implementation"},{"line_number":18,"context_line":""},{"line_number":19,"context_line":"Added new HTTP Security header X-XSS-Protection:1 mode\u003dblock to"},{"line_number":20,"context_line":"sanitize the page, when a XSS attack is detected, the browser will"},{"line_number":21,"context_line":"prevent rendering of the page"},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"Change-Id: I6f89ffb44ad805039c4074889a7c15fbef6fc95e"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":11,"id":"3fa7e38b_a6bcf4ba","line":21,"range":{"start_line":17,"start_character":0,"end_line":21,"end_character":29},"updated":"2019-10-16 18:42:28.000000000","message":"but these aren\u0027t actually added; should they be?","commit_id":"5fc93b09a3418dc59b12f68d8e22d7f81126c73e"}],"horizon/values.yaml":[{"author":{"_account_id":21420,"name":"Gage Hugo","email":"gagehugo@gmail.com","username":"ghugo"},"change_message_id":"f8acf04ecc7553ebfc8bea4637d48d6a44309ee6","unresolved":false,"context_lines":[{"line_number":181,"context_line":"      # site as frames. 
This defends against clickjacking attacks."},{"line_number":182,"context_line":"      # Requires mod_headers to be enabled."},{"line_number":183,"context_line":"      #"},{"line_number":184,"context_line":"      #Header set X-Frame-Options: \"sameorigin\""},{"line_number":185,"context_line":"    local_settings:"},{"line_number":186,"context_line":"      config:"},{"line_number":187,"context_line":"        # Use \"True\" and \"False\" as Titlecase strings with quotes, boolean"}],"source_content_type":"text/x-yaml","patch_set":2,"id":"3fa7e38b_617cff82","line":184,"range":{"start_line":184,"start_character":6,"end_line":184,"end_character":47},"updated":"2019-10-10 15:40:07.000000000","message":"Can remove this if we\u0027re setting it above.\n\nIdeally, having descriptions of what each header does would be good.","commit_id":"6b0a23ab35e6584e67cb03b5f0d6b1c61013bf0a"},{"author":{"_account_id":8898,"name":"Chris Wedgwood","email":"cw@f00f.org","username":"anticw"},"change_message_id":"e5a63c2b6afecb33ff60e83180afaa3a38844c95","unresolved":false,"context_lines":[{"line_number":173,"context_line":"      # Requires mod_headers to be enabled."},{"line_number":174,"context_line":"      #"},{"line_number":175,"context_line":"      Header set X-Content-Type-Options: \"nosniff\""},{"line_number":176,"context_line":"      Header set X-Frame-Options: \"sameorigin\""},{"line_number":177,"context_line":"      #Header set Content-Security-Policy: \"script-src \u0027self\u0027\""},{"line_number":178,"context_line":"      #Header set X-Permitted-Cross-Domain-Policies: \"none\""},{"line_number":179,"context_line":"      #Header set X-XSS-Protection: \"1; mode\u003dblock\""}],"source_content_type":"text/x-yaml","patch_set":10,"id":"3fa7e38b_5b6ab9ec","line":176,"range":{"start_line":176,"start_character":0,"end_line":176,"end_character":46},"updated":"2019-10-16 18:05:35.000000000","message":"in tested i see this header twice now, one uppercase (from where i\u0027m not sure) and this 
one\n\nit would be good to try and avoid that, if we can explain confidently where the other comes from use that, worst case make this the same case","commit_id":"50a925f53e8826588e80796d1b781c587f65b4e8"},{"author":{"_account_id":8898,"name":"Chris Wedgwood","email":"cw@f00f.org","username":"anticw"},"change_message_id":"47a574b39c594365ffa609c197cfb8a169f58617","unresolved":false,"context_lines":[{"line_number":173,"context_line":"      # Requires mod_headers to be enabled."},{"line_number":174,"context_line":"      #"},{"line_number":175,"context_line":"      Header set X-Content-Type-Options: \"nosniff\""},{"line_number":176,"context_line":"      Header set X-Frame-Options: \"sameorigin\""},{"line_number":177,"context_line":"      #Header set Content-Security-Policy: \"script-src \u0027self\u0027\""},{"line_number":178,"context_line":"      #Header set X-Permitted-Cross-Domain-Policies: \"none\""},{"line_number":179,"context_line":"      #Header set X-XSS-Protection: \"1; mode\u003dblock\""}],"source_content_type":"text/x-yaml","patch_set":10,"id":"3fa7e38b_2691e452","line":176,"range":{"start_line":176,"start_character":0,"end_line":176,"end_character":46},"in_reply_to":"3fa7e38b_5b6ab9ec","updated":"2019-10-16 18:39:04.000000000","message":"ok ... 
django is doing this by default it seems, see /var/lib/openstack/lib/python2.7/site-packages/django/conf/global_settings.py in the running container\n\nheader merge doesn\u0027t DTRT so probably we just remove that","commit_id":"50a925f53e8826588e80796d1b781c587f65b4e8"},{"author":{"_account_id":8898,"name":"Chris Wedgwood","email":"cw@f00f.org","username":"anticw"},"change_message_id":"c1418770461fe26f4bf798c8e40e82affe2ee51b","unresolved":false,"context_lines":[{"line_number":180,"context_line":"      # \u0027X-Frame-Options: \"sameorigin\"\u0027 is already set by django by default"},{"line_number":181,"context_line":"      #"},{"line_number":182,"context_line":"      #Header set Content-Security-Policy: \"script-src \u0027self\u0027\""},{"line_number":183,"context_line":"      #Header set X-Permitted-Cross-Domain-Policies: \"none\""},{"line_number":184,"context_line":"      #Header set X-XSS-Protection: \"1; mode\u003dblock\""},{"line_number":185,"context_line":""},{"line_number":186,"context_line":"      # Setting this header will prevent other sites from embedding pages from this"}],"source_content_type":"text/x-yaml","patch_set":11,"id":"3fa7e38b_e6bd0cb1","line":183,"range":{"start_line":183,"start_character":0,"end_line":183,"end_character":59},"updated":"2019-10-16 18:42:28.000000000","message":"no problem having this (though commented out not sure); but the other changes you put in the commitmsg but not this\n\nis that intended?","commit_id":"5fc93b09a3418dc59b12f68d8e22d7f81126c73e"}]}
