Add some basic headers to OSIN provided pages
Use restrictive defaults for basic security hygiene. Signed-off-by: Simo Sorce <simo@redhat.com>
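--- /dev/null
+++ b/<PATH-NOT-SHOWN-ON-PAGE>
@@ -0,0 +1,29 @@
+package headers
+
+import (
+"net/http"
+)
+
+func SetStandardHeaders(w http.ResponseWriter) {
+
+// We cannot set HSTS by default, it has too many drawbacks in environments
+// that use self-signed certs
+standardHeaders := map[string]string{
+// Turn off caching, it never makes sense for authorization pages
+"Cache-Control": "no-cache, no-store",
+"Pragma": "no-cache",
+"Expires": "0",
+// Use a reasonably strict Referer policy by default
+"Referrer-Policy": "strict-origin-when-cross-origin",
+// Do not allow embedding as that can lead to clickjacking attacks
+"X-Frame-Options": "DENY",
+// Add other basic scurity hygiene headers
+"X-Content-Type-Options": "nosniff",
+"X-DNS-Prefetch-Control": "off",
+"X-XSS-Protection": "1; mode=block",
+}
+
+for key, val := range standardHeaders {
+w.Header().Add(key, val)
+}
+}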
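Review bot: The loop at the end of SetStandardHeaders uses `w.Header().Add(key, val)`, which appends rather than replaces, so if a caller has already written one of these headers (for example a permissive `Cache-Control` set earlier in the handler chain) the response carries both values and the browser's interpretation of the conflicting pair is not guaranteed to be the restrictive one; for defaults that are meant to be enforced, `w.Header().Set(key, val)` is the intended semantics. Ranging over a map also emits the headers in a non-deterministic order, which is harmless for correctness but makes response snapshots in tests flaky; a slice of key/value pairs would fix both points in one place. The comment above `X-Content-Type-Options` has a typo, `scurity` should read `security`. Finally, a doc comment on the exported function would help callers, e.g. `// SetStandardHeaders applies the cache-suppressing and browser-hardening headers used on all OSIN-served pages.`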