zio/bsky-app
2
0
Fork 0
Code Pull requests Releases Packages Activity

add required security HTTP headers (#568)

Browse source
This commit is contained in:
Jake Gold 2023-05-03 07:14:29 -07:00 committed by GitHub
parent 14e9719bcc
commit 204c6729e7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

9
bskyweb/cmd/bskyweb/server.go
View file

@ -73,6 +73,15 @@ func serve(cctx *cli.Context) error {
e := echo.New() e := echo.New()
e.HideBanner = true e.HideBanner = true
// SECURITY: Do not modify without due consideration.
e.Use(middleware.SecureWithConfig(middleware.SecureConfig{
ContentTypeNosniff: "nosniff",
XFrameOptions: "SAMEORIGIN",
HSTSMaxAge: 31536000, // 365 days
// TODO:
// ContentSecurityPolicy
// XSSProtection
}))
e.Use(middleware.LoggerWithConfig(middleware.LoggerConfig{ e.Use(middleware.LoggerWithConfig(middleware.LoggerConfig{
// Don't log requests for static content. // Don't log requests for static content.
Skipper: func(c echo.Context) bool { Skipper: func(c echo.Context) bool {