[server] Add support for enabling the security related response headers

This commit is contained in:
Ciprian Dorin Craciun 2019-08-12 16:50:28 +03:00
parent 8a35404611
commit 2f76bed806
2 changed files with 31 additions and 5 deletions

View file

@ -374,6 +374,7 @@
./.outputs/binaries/release/kawipiko-server \
--bind 127.9.185.194:8080 \
--archive "${_archive}" \
--security-headers-disable \
--timeout-disable \
"${@}" \
#

View file

@ -38,6 +38,8 @@ type server struct {
cachedFileFingerprints map[string][]byte
cachedDataMeta map[string][]byte
cachedDataContent map[string][]byte
securityHeadersEnabled bool
securityHeadersTls bool
debug bool
dummy bool
}
@ -103,11 +105,18 @@ func (_server *server) Serve (_context *fasthttp.RequestCtx) () {
}
}
// _responseHeaders.SetCanonical (StringToBytes ("Content-Security-Policy"), StringToBytes ("upgrade-insecure-requests"))
if _server.securityHeadersEnabled {
if _server.securityHeadersTls {
_responseHeaders.SetCanonical (StringToBytes ("Strict-Transport-Security"), StringToBytes ("max-age=31536000"))
_responseHeaders.SetCanonical (StringToBytes ("Content-Security-Policy"), StringToBytes ("upgrade-insecure-requests"))
}
{
_responseHeaders.SetCanonical (StringToBytes ("Referrer-Policy"), StringToBytes ("strict-origin-when-cross-origin"))
_responseHeaders.SetCanonical (StringToBytes ("X-Frame-Options"), StringToBytes ("SAMEORIGIN"))
_responseHeaders.SetCanonical (StringToBytes ("X-content-type-Options"), StringToBytes ("nosniff"))
_responseHeaders.SetCanonical (StringToBytes ("X-Content-Type-Options"), StringToBytes ("nosniff"))
_responseHeaders.SetCanonical (StringToBytes ("X-XSS-Protection"), StringToBytes ("1; mode=block"))
_responseHeaders.SetCanonical (StringToBytes ("X-Frame-Options"), StringToBytes ("sameorigin"))
}
}
var _fingerprints []byte
@ -398,6 +407,8 @@ func main_0 () (error) {
var _indexPaths bool
var _indexDataMeta bool
var _indexDataContent bool
var _securityHeadersEnabled bool
var _securityHeadersTls bool
var _timeoutDisabled bool
var _processes uint
var _threads uint
@ -444,6 +455,8 @@ func main_0 () (error) {
--processes <count> (of slave processes)
--threads <count> (of threads per process)
--security-headers-tls
--security-headers-disable
--timeout-disable
--profile-cpu <path>
@ -468,6 +481,8 @@ func main_0 () (error) {
_indexDataMeta_0 := _flags.Bool ("index-data-meta", false, "")
_indexDataContent_0 := _flags.Bool ("index-data-content", false, "")
_timeoutDisabled_0 := _flags.Bool ("timeout-disable", false, "")
_securityHeadersTls_0 := _flags.Bool ("security-headers-tls", false, "")
_securityHeadersDisabled_0 := _flags.Bool ("security-headers-disable", false, "")
_processes_0 := _flags.Uint ("processes", 0, "")
_threads_0 := _flags.Uint ("threads", 0, "")
_slave_0 := _flags.Uint ("slave", 0, "")
@ -487,6 +502,8 @@ func main_0 () (error) {
_indexPaths = _indexAll || *_indexPaths_0
_indexDataMeta = _indexAll || *_indexDataMeta_0
_indexDataContent = _indexAll || *_indexDataContent_0
_securityHeadersTls = *_securityHeadersTls_0
_securityHeadersEnabled = ! *_securityHeadersDisabled_0
_timeoutDisabled = *_timeoutDisabled_0
_processes = *_processes_0
_threads = *_threads_0
@ -606,6 +623,12 @@ func main_0 () (error) {
if _indexDataContent {
_processArguments = append (_processArguments, "--index-data-content")
}
if _securityHeadersTls {
_processArguments = append (_processArguments, "--security-headers-tls")
}
if !_securityHeadersEnabled {
_processArguments = append (_processArguments, "--security-headers-disable")
}
if _timeoutDisabled {
_processArguments = append (_processArguments, "--timeout-disable")
}
@ -930,6 +953,8 @@ func main_0 () (error) {
cachedFileFingerprints : _cachedFileFingerprints,
cachedDataMeta : _cachedDataMeta,
cachedDataContent : _cachedDataContent,
securityHeadersTls : _securityHeadersTls,
securityHeadersEnabled : _securityHeadersEnabled,
debug : _debug,
dummy : _dummy,
}