[server] Update security headers flag interpretation.

Ciprian Dorin Craciun 2021-12-16 17:45:16 +02:00
parent 956d90a525
commit 8eabc1108a


@ -332,18 +332,16 @@ func (_server *server) Serve (_context *fasthttp.RequestCtx) () {
return return
} }
if _server.securityHeadersEnabled {
if _server.securityHeadersTls { if _server.securityHeadersTls {
_responseHeaders.AddBytesKV (StringToBytes ("Strict-Transport-Security"), StringToBytes ("max-age=31536000")) _responseHeaders.AddBytesKV (StringToBytes ("Strict-Transport-Security"), StringToBytes ("max-age=31536000"))
_responseHeaders.AddBytesKV (StringToBytes ("Content-Security-Policy"), StringToBytes ("upgrade-insecure-requests")) _responseHeaders.AddBytesKV (StringToBytes ("Content-Security-Policy"), StringToBytes ("upgrade-insecure-requests"))
} }
{ if _server.securityHeadersEnabled {
_responseHeaders.AddBytesKV (StringToBytes ("Referrer-Policy"), StringToBytes ("strict-origin-when-cross-origin")) _responseHeaders.AddBytesKV (StringToBytes ("Referrer-Policy"), StringToBytes ("strict-origin-when-cross-origin"))
_responseHeaders.AddBytesKV (StringToBytes ("X-Content-Type-Options"), StringToBytes ("nosniff")) _responseHeaders.AddBytesKV (StringToBytes ("X-Content-Type-Options"), StringToBytes ("nosniff"))
_responseHeaders.AddBytesKV (StringToBytes ("X-XSS-Protection"), StringToBytes ("1; mode=block")) _responseHeaders.AddBytesKV (StringToBytes ("X-XSS-Protection"), StringToBytes ("1; mode=block"))
_responseHeaders.AddBytesKV (StringToBytes ("X-Frame-Options"), StringToBytes ("sameorigin")) _responseHeaders.AddBytesKV (StringToBytes ("X-Frame-Options"), StringToBytes ("sameorigin"))
} }
}
if _server.debug { if _server.debug {
log.Printf ("[dd] [b15f3cad] serving for `%s`...\n", *_requestUriString) log.Printf ("[dd] [b15f3cad] serving for `%s`...\n", *_requestUriString)
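Review bot: The `X-XSS-Protection` line inside the `securityHeadersEnabled` block still sends `1; mode=block`, which requests a browser XSS filter that current browsers have removed and that caused information-leak and script-suppression problems in older ones. Current guidance is to send `0` or omit the header and rely on a Content-Security-Policy. Since the commit already regroups these headers, the line could become `_responseHeaders.AddBytesKV (StringToBytes ("X-XSS-Protection"), StringToBytes ("0"))`. Separately, the two flags are now independent, so a comment above `if _server.securityHeadersTls {` such as `// NOTE: HSTS and upgrade-insecure-requests are sent whenever the TLS flag is set, even when the other security headers are disabled.` would record that intent for operators. The body of `Serve` starts and ends outside this hunk, so whether these headers can already be present on `_responseHeaders` is not visible here.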