add required security HTTP headers (#568)

author: Jake Gold <52801504+Jacob2161@users.noreply.github.com> 2023-05-03 07:14:29 -0700
committer: GitHub <noreply@github.com> 2023-05-03 07:14:29 -0700
commit: 204c6729e755804ac017a19ff08f99e7f10a9db2 (patch)
tree: a314c1c516ab7f8e0453ab95a613e893e47046c5 /bskyweb
parent: 14e9719bccbe180f2da16ec4b4a981960ffe27f7 (diff)
download: voidsky-204c6729e755804ac017a19ff08f99e7f10a9db2.tar.zst
1 files changed, 9 insertions, 0 deletions
diff --git a/bskyweb/cmd/bskyweb/server.go b/bskyweb/cmd/bskyweb/server.go
index 07804e7ce..5e934c6b0 100644
--- a/bskyweb/cmd/bskyweb/server.go
+++ b/bskyweb/cmd/bskyweb/server.go
@@ -73,6 +73,15 @@ func serve(cctx *cli.Context) error {
 
 	e := echo.New()
 	e.HideBanner = true
+	// SECURITY: Do not modify without due consideration.
+	e.Use(middleware.SecureWithConfig(middleware.SecureConfig{
+		ContentTypeNosniff: "nosniff",
+		XFrameOptions:      "SAMEORIGIN",
+		HSTSMaxAge:         31536000, // 365 days
+		// TODO:
+		// ContentSecurityPolicy
+		// XSSProtection
+	}))
 	e.Use(middleware.LoggerWithConfig(middleware.LoggerConfig{
 		// Don't log requests for static content.
 		Skipper: func(c echo.Context) bool {
author	Jake Gold <52801504+Jacob2161@users.noreply.github.com>	2023-05-03 07:14:29 -0700
committer	GitHub <noreply@github.com>	2023-05-03 07:14:29 -0700
commit	204c6729e755804ac017a19ff08f99e7f10a9db2 (patch)
tree	a314c1c516ab7f8e0453ab95a613e893e47046c5 /bskyweb
parent	14e9719bccbe180f2da16ec4b4a981960ffe27f7 (diff)
download	voidsky-204c6729e755804ac017a19ff08f99e7f10a9db2.tar.zst