Added following security enhancements:
1) Added ALLOWED_HOSTS list to limit the host address.
2) Added CSP and HSTS security header.
3) Hide the webserver/development framework version.

Fixes #5919

Branch
------
master

Details
-------
https://git.postgresql.org/gitweb?p=pgadmin4.git;a=commitdiff;h=08c4deba5a4aa781db2c78839eb03f6bccf60a30
Author: Ganesh Jaybhay <ganesh.jayb...@enterprisedb.com>

Modified Files
--------------
Dockerfile                            |  4 ++-
docs/en_US/release_notes_4_28.rst     |  1 +
pkg/docker/entrypoint.sh              |  4 +--
pkg/docker/gunicorn_config.py         |  2 ++
requirements.txt                      |  1 +
web/config.py                         | 49 ++++++++++++++++++++++++++++++++++-
web/pgadmin/__init__.py               | 45 +++++++++++++++++++++++++++-----
web/pgadmin/browser/__init__.py       |  3 +++
web/pgadmin/preferences/__init__.py   |  3 +++
web/pgadmin/utils/security_headers.py | 41 +++++++++++++++++++++++++++++
web/pgadmin/utils/session.py          |  6 ++++-
11 files changed, 148 insertions(+), 11 deletions(-)