authelia/internal/middlewares/headers.go

package middlewares

import (
	"github.com/valyala/fasthttp"
)

// SecurityHeaders middleware adds several modern recommended security headers with safe values.
func SecurityHeaders(next fasthttp.RequestHandler) fasthttp.RequestHandler {
	return func(ctx *fasthttp.RequestCtx) {
		ctx.Response.Header.SetBytesKV(headerXContentTypeOptions, headerValueNoSniff)
		ctx.Response.Header.SetBytesKV(headerReferrerPolicy, headerValueStrictOriginCrossOrigin)
		ctx.Response.Header.SetBytesKV(headerPermissionsPolicy, headerValueCohort)

		next(ctx)
	}
}
fix(server): missing modern security headers (#3288) This fixes an issue with missing modern security headers such as the X-Content-Type-Options, Referer-Policy, etc. 2022-05-03 02:19:30 +00:00			`package middlewares`

			`import (`
			`"github.com/valyala/fasthttp"`
			`)`

			`// SecurityHeaders middleware adds several modern recommended security headers with safe values.`
			`func SecurityHeaders(next fasthttp.RequestHandler) fasthttp.RequestHandler {`
			`return func(ctx *fasthttp.RequestCtx) {`
			`ctx.Response.Header.SetBytesKV(headerXContentTypeOptions, headerValueNoSniff)`
			`ctx.Response.Header.SetBytesKV(headerReferrerPolicy, headerValueStrictOriginCrossOrigin)`
			`ctx.Response.Header.SetBytesKV(headerPermissionsPolicy, headerValueCohort)`

			`next(ctx)`
			`}`
			`}`