self-hosted/minio
self-hosted/minio
1
0
Fork 0
mirror of https://github.com/minio/minio synced 2024-09-18 15:31:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add security HTTP Headers (#5805)

Browse source 
Some HTTP security headers in Minio.
To avoid problems with XSS and Clickjacking attacks.

X-Frame-Options
X-Frame-Options response header improve the protection
of web applications against Clickjacking. It declares a
policy communicated from a host to the client browser
on whether the browser must not display the transmitted
content in frames of other web pages.

X-XSS-Protection
This header enables the Cross-site scripting (XSS) filter in your browser.
This commit is contained in:
rwagner_inf 2018-04-12 18:09:38 -03:00 committed by Harshavardhana
parent bd8d6e3c4e
commit e39de65367
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
vendor/github.com/gorilla/rpc/v2/server.go generated vendored
View file

@ -149,6 +149,11 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
// Prevents Internet Explorer from MIME-sniffing a response away
// from the declared content-type
w.Header().Set("x-content-type-options", "nosniff")
// Prevents against XSS Atacks
w.Header().Set("X-XSS-Protection", "\"1; mode=block\"")
// Prevents against Clickjacking
w.Header().Set("X-Frame-Options", "SAMEORIGIN")
// Encode the response.
if errResult == nil {
codecReq.WriteResponse(w, reply.Interface())