MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-01-12 23:43:22 -05:00
Code Issues Packages Projects Releases Wiki Activity

Add security HTTP Headers (#5805)

Browse Source 
Some HTTP security headers in Minio.
To avoid problems with XSS and Clickjacking attacks.

X-Frame-Options
X-Frame-Options response header improve the protection
of web applications against Clickjacking. It declares a
policy communicated from a host to the client browser
on whether the browser must not display the transmitted
content in frames of other web pages.

X-XSS-Protection
This header enables the Cross-site scripting (XSS) filter in your browser.
This commit is contained in:
rwagner_inf 2018-04-12 18:09:38 -03:00 committed by Harshavardhana
parent bd8d6e3c4e
commit e39de65367
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
vendor/github.com/gorilla/rpc/v2/server.go generated vendored
View File

@ -149,6 +149,11 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
// Prevents Internet Explorer from MIME-sniffing a response away // Prevents Internet Explorer from MIME-sniffing a response away
// from the declared content-type // from the declared content-type
w.Header().Set("x-content-type-options", "nosniff") w.Header().Set("x-content-type-options", "nosniff")
// Prevents against XSS Atacks
w.Header().Set("X-XSS-Protection", "\"1; mode=block\"")
// Prevents against Clickjacking
w.Header().Set("X-Frame-Options", "SAMEORIGIN")
// Encode the response. // Encode the response.
if errResult == nil { if errResult == nil {
codecReq.WriteResponse(w, reply.Interface()) codecReq.WriteResponse(w, reply.Interface())