techies/authelia
1
0
Fork 0
mirror of https://github.com/0rangebananaspy/authelia.git synced 2024-09-14 22:47:21 +07:00
Code Issues Projects Releases Wiki Activity
cac8919f97
authelia/internal/middlewares/headers.go
James Elliott 556a115c83
fix(server): missing modern security headers (#3288) 
This fixes an issue with missing modern security headers such as the X-Content-Type-Options, Referer-Policy, etc.
2022-05-03 12:19:30 +10:00

17 lines
545 B
Go
Raw Blame History

package middlewares
import (
"github.com/valyala/fasthttp"
)
// SecurityHeaders middleware adds several modern recommended security headers with safe values.
func SecurityHeaders(next fasthttp.RequestHandler) fasthttp.RequestHandler {
return func(ctx *fasthttp.RequestCtx) {
ctx.Response.Header.SetBytesKV(headerXContentTypeOptions, headerValueNoSniff)
ctx.Response.Header.SetBytesKV(headerReferrerPolicy, headerValueStrictOriginCrossOrigin)
ctx.Response.Header.SetBytesKV(headerPermissionsPolicy, headerValueCohort)
next(ctx)
}
}
Reference in New Issue View Git Blame Copy Permalink