[server] Update security headers flag interpretation.
This commit is contained in:
parent
956d90a525
commit
8eabc1108a
1 changed files with 8 additions and 10 deletions
|
@ -332,17 +332,15 @@ func (_server *server) Serve (_context *fasthttp.RequestCtx) () {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if _server.securityHeadersTls {
|
||||||
|
_responseHeaders.AddBytesKV (StringToBytes ("Strict-Transport-Security"), StringToBytes ("max-age=31536000"))
|
||||||
|
_responseHeaders.AddBytesKV (StringToBytes ("Content-Security-Policy"), StringToBytes ("upgrade-insecure-requests"))
|
||||||
|
}
|
||||||
if _server.securityHeadersEnabled {
|
if _server.securityHeadersEnabled {
|
||||||
if _server.securityHeadersTls {
|
_responseHeaders.AddBytesKV (StringToBytes ("Referrer-Policy"), StringToBytes ("strict-origin-when-cross-origin"))
|
||||||
_responseHeaders.AddBytesKV (StringToBytes ("Strict-Transport-Security"), StringToBytes ("max-age=31536000"))
|
_responseHeaders.AddBytesKV (StringToBytes ("X-Content-Type-Options"), StringToBytes ("nosniff"))
|
||||||
_responseHeaders.AddBytesKV (StringToBytes ("Content-Security-Policy"), StringToBytes ("upgrade-insecure-requests"))
|
_responseHeaders.AddBytesKV (StringToBytes ("X-XSS-Protection"), StringToBytes ("1; mode=block"))
|
||||||
}
|
_responseHeaders.AddBytesKV (StringToBytes ("X-Frame-Options"), StringToBytes ("sameorigin"))
|
||||||
{
|
|
||||||
_responseHeaders.AddBytesKV (StringToBytes ("Referrer-Policy"), StringToBytes ("strict-origin-when-cross-origin"))
|
|
||||||
_responseHeaders.AddBytesKV (StringToBytes ("X-Content-Type-Options"), StringToBytes ("nosniff"))
|
|
||||||
_responseHeaders.AddBytesKV (StringToBytes ("X-XSS-Protection"), StringToBytes ("1; mode=block"))
|
|
||||||
_responseHeaders.AddBytesKV (StringToBytes ("X-Frame-Options"), StringToBytes ("sameorigin"))
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if _server.debug {
|
if _server.debug {
|
||||||
|
|
Loading…
Reference in a new issue