mirror of
https://github.com/pgsty/minio.git
synced 2026-07-19 04:00:25 +03:00
add some security HTTP headers (#5814)
This change adds some security headers like Content-Security-Policy. It does not set the HSTS header because Content-Security-Policy prevents mixed HTTP and HTTPS content and the server does not use cookies. However it is a header which could be added later on. It also moves some header added by #5805 from a vendored file to a generic handler. Fixes ##5813
This commit is contained in:
committed by
Dee Koder
parent
1f07545e2a
commit
f60765ac93
+1
-5
@@ -149,11 +149,7 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||
// Prevents Internet Explorer from MIME-sniffing a response away
|
||||
// from the declared content-type
|
||||
w.Header().Set("x-content-type-options", "nosniff")
|
||||
// Prevents against XSS Atacks
|
||||
w.Header().Set("X-XSS-Protection", "\"1; mode=block\"")
|
||||
// Prevents against Clickjacking
|
||||
w.Header().Set("X-Frame-Options", "SAMEORIGIN")
|
||||
|
||||
|
||||
// Encode the response.
|
||||
if errResult == nil {
|
||||
codecReq.WriteResponse(w, reply.Interface())
|
||||
|
||||
Reference in New Issue
Block a user