Docker
/
linx-server
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Browse Source

add X-Content-Type-Options: nosniff

pull/36/head
mutantmonkey 9 years ago
parent
42aab4dca1
commit
71d5f51ae6
2 changed files with 5 additions and 2 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      csp.go
  2. 1
      csp_test.go

6
csp.go
View File

@ -5,8 +5,9 @@ import (
) )
const ( const (
cspHeader = "Content-Security-Policy"
frameOptionsHeader = "X-Frame-Options"
cspHeader = "Content-Security-Policy"
frameOptionsHeader = "X-Frame-Options"
contentTypeOptionsHeader = "X-Content-Type-Options"
) )
type csp struct { type csp struct {
@ -26,6 +27,7 @@ func (c csp) ServeHTTP(w http.ResponseWriter, r *http.Request) {
} }
w.Header().Set(frameOptionsHeader, c.opts.frame) w.Header().Set(frameOptionsHeader, c.opts.frame)
w.Header().Set(contentTypeOptionsHeader, "nosniff")
c.h.ServeHTTP(w, r) c.h.ServeHTTP(w, r)
} }

1
csp_test.go
View File

@ -11,6 +11,7 @@ import (
var testCSPHeaders = map[string]string{ var testCSPHeaders = map[string]string{
"Content-Security-Policy": "default-src 'none'; style-src 'self';", "Content-Security-Policy": "default-src 'none'; style-src 'self';",
"X-Frame-Options": "SAMEORIGIN", "X-Frame-Options": "SAMEORIGIN",
"X-Content-Type-Options": "nosniff",
} }
func TestContentSecurityPolicy(t *testing.T) { func TestContentSecurityPolicy(t *testing.T) {

Write Preview
Loading…
Cancel
Save