MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-11-09 05:34:56 -05:00
Code Issues Packages Projects Releases Wiki Activity

add some security HTTP headers (#5814)

Browse Source 
This change adds some security headers like Content-Security-Policy.
It does not set the HSTS header because Content-Security-Policy prevents
mixed HTTP and HTTPS content and the server does not use cookies.
However it is a header which could be added later on.

It also moves some header added by #5805 from a vendored file
to a generic handler.

Fixes ##5813
This commit is contained in:
Andreas Auernhammer
2018-04-13 00:57:41 +02:00
committed by Dee Koder
parent 1f07545e2a
commit f60765ac93
3 changed files with 19 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
vendor/github.com/gorilla/rpc/v2/server.go generated vendored
View File

@@ -149,11 +149,7 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
// Prevents Internet Explorer from MIME-sniffing a response away
// from the declared content-type
w.Header().Set("x-content-type-options", "nosniff")
// Prevents against XSS Atacks
w.Header().Set("X-XSS-Protection", "\"1; mode=block\"")
// Prevents against Clickjacking
w.Header().Set("X-Frame-Options", "SAMEORIGIN")
// Encode the response.
if errResult == nil {
codecReq.WriteResponse(w, reply.Interface())