[TOC] # 漏洞详情  # 漏洞处理方案 扫描工具给出的漏洞处理的方案  ingress-nginx处理方案 >[danger] 注意：proxy_set_header是nginx设置请求头给上游服务器，add_header是nginx设置响应头信息给浏览器。 ```shell # 备份ingress-nginx配置文件 kubectl get configmap/nginx-configuration-nginx-ingress-controller -n kube-system -oyaml > nginx-configuration.yaml # 添加add-headers参数，如果已经存在则不需要指定。 kubectl patch configmap/nginx-configuration-nginx-ingress-controller -n kube-system --type merge -p '{"data":{ "add-headers": "kube-system/custom-add-headers"}}' # 创建add-headers的configmap配置 cat << EOF | kubectl apply -f - apiVersion: v1 data: Content-Security-Policy: "default-src 'self'" X-Content-Type-Options: "nosniff" X-XSS-Protection: "1; mode=block" Set-Cookie: "HttpOnly" Set-Cookie: "Secure" kind: ConfigMap metadata: name: custom-add-headers namespace: kube-system EOF ``` # 参考文档 ingress-nginx文档：https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers