add some security HTTP headers (#5814)

This change adds some security headers like Content-Security-Policy.
It does not set the HSTS header because Content-Security-Policy prevents
mixed HTTP and HTTPS content and the server does not use cookies.
However it is a header which could be added later on.

It also moves some header added by #5805 from a vendored file
to a generic handler.

Fixes #5813
Andreas Auernhammer
2018-04-13 00:57:41 +02:00
committed by Dee Koder
parent 1f07545e2a
commit f60765ac93
3 changed files with 19 additions and 5 deletions

@@ -59,6 +59,8 @@ func registerDistXLRouters(mux *router.Router, endpoints EndpointList) error {
// List of some generic handlers which are applied for all incoming requests.
var globalHandlers = []HandlerFunc{
// set HTTP security headers such as Content-Security-Policy.
addSecurityHeaders,
// Ratelimit the incoming requests using a token bucket algorithm
setRateLimitHandler,
// Validate all the incoming paths.
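
Review bot: the comment above addSecurityHeaders in globalHandlers names only Content-Security-Policy ("such as"), so a reader of this list cannot tell which headers every response will carry, or that HSTS is intentionally left out as the commit message explains. Suggest enumerating the headers in the comment, or pointing to the handler's definition, and recording the HSTS decision there, since the commit message is not visible when reading the code. It would also help to say whether placing the handler ahead of setRateLimitHandler in the slice is significant or incidental.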