MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-04-09 06:00:12 -04:00
Code Issues Packages Projects Releases Wiki Activity

add more XSS HTTP headers ()

Browse Source
This commit is contained in:
sakkiii 2021-07-20 04:35:02 +05:30 committed by GitHub
parent fa98014bbe
commit 69e0faa278
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 2 deletions

5
cmd/generic-handlers.go

@ -553,11 +553,16 @@ func addCustomHeaders(h http.Handler) http.Handler {
}) })
} }
// addSecurityHeaders adds various HTTP(S) response headers.
// Security Headers enable various security protections behaviors in the client's browser.
func addSecurityHeaders(h http.Handler) http.Handler { func addSecurityHeaders(h http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
header := w.Header() header := w.Header()
header.Set("X-XSS-Protection", "1; mode=block") // Prevents against XSS attacks header.Set("X-XSS-Protection", "1; mode=block") // Prevents against XSS attacks
header.Set("Content-Security-Policy", "block-all-mixed-content") // prevent mixed (HTTP / HTTPS content) header.Set("Content-Security-Policy", "block-all-mixed-content") // prevent mixed (HTTP / HTTPS content)
header.Set("X-Frame-Options", "deny") // Prevent against Clickjack attack
header.Set("X-Content-Type-Options", "nosniff") // Prevent mime-sniff
header.Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains") // HSTS mitigates variants of MITM attacks
h.ServeHTTP(w, r) h.ServeHTTP(w, r)
}) })
} }