mirror of
https://github.com/minio/minio.git
synced 2024-12-25 06:35:56 -05:00
Add security HTTP Headers (#5805)
Some HTTP security headers in Minio. To avoid problems with XSS and Clickjacking attacks. X-Frame-Options X-Frame-Options response header improve the protection of web applications against Clickjacking. It declares a policy communicated from a host to the client browser on whether the browser must not display the transmitted content in frames of other web pages. X-XSS-Protection This header enables the Cross-site scripting (XSS) filter in your browser.
This commit is contained in:
parent
bd8d6e3c4e
commit
e39de65367
5
vendor/github.com/gorilla/rpc/v2/server.go
generated
vendored
5
vendor/github.com/gorilla/rpc/v2/server.go
generated
vendored
@ -149,6 +149,11 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||
// Prevents Internet Explorer from MIME-sniffing a response away
|
||||
// from the declared content-type
|
||||
w.Header().Set("x-content-type-options", "nosniff")
|
||||
// Prevents against XSS Atacks
|
||||
w.Header().Set("X-XSS-Protection", "\"1; mode=block\"")
|
||||
// Prevents against Clickjacking
|
||||
w.Header().Set("X-Frame-Options", "SAMEORIGIN")
|
||||
|
||||
// Encode the response.
|
||||
if errResult == nil {
|
||||
codecReq.WriteResponse(w, reply.Interface())
|
||||
|
Loading…
Reference in New Issue
Block a user