add required security HTTP headers (#568)

zio/stable
Jake Gold 2023-05-03 07:14:29 -07:00 committed by GitHub
parent 14e9719bcc
commit 204c6729e7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 0 deletions

View File

@ -73,6 +73,15 @@ func serve(cctx *cli.Context) error {
e := echo.New()
e.HideBanner = true
// SECURITY: Do not modify without due consideration.
e.Use(middleware.SecureWithConfig(middleware.SecureConfig{
ContentTypeNosniff: "nosniff",
XFrameOptions: "SAMEORIGIN",
HSTSMaxAge: 31536000, // 365 days
// TODO:
// ContentSecurityPolicy
// XSSProtection
}))
e.Use(middleware.LoggerWithConfig(middleware.LoggerConfig{
// Don't log requests for static content.
Skipper: func(c echo.Context) bool {