From be0a06d6fb9f5b090f3d31196e2c70ccb4473e23 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 9 Mar 2022 21:23:48 +0000 Subject: [PATCH] add custom secure http headers --- src/bunker.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/bunker.go b/src/bunker.go index 3a93b2a..edb7d30 100644 --- a/src/bunker.go +++ b/src/bunker.go @@ -419,6 +419,11 @@ func reqMiddleware(handler http.Handler) http.Handler { //log.Printf("Set host %s\n", r.Host) autocontext.Set(r, "host", r.Host) w.Header().Set("Access-Control-Allow-Origin", "*") + w.Header().Set("X-Frame-Options", "SAMEORIGIN") + w.Header().Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains; preload") + w.Header().Set("Content-Security-Policy", "default-src 'self' http: https: data: blob: 'unsafe-inline'") + w.Header().Set("X-XSS-Protection", "1; mode=block") + w.Header().Set("X-Content-Type-Options", "nosniff") w2 := NewCustomResponseWriter(w) if strings.Contains(r.Header.Get("Accept-Encoding"), "gzip") { w2.Header().Set("Vary", "Accept-Encoding")