From 204c6729e755804ac017a19ff08f99e7f10a9db2 Mon Sep 17 00:00:00 2001
From: Jake Gold <52801504+Jacob2161@users.noreply.github.com>
Date: Wed, 3 May 2023 07:14:29 -0700
Subject: add required security HTTP headers (#568)

---
 bskyweb/cmd/bskyweb/server.go | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'bskyweb/cmd')

diff --git a/bskyweb/cmd/bskyweb/server.go b/bskyweb/cmd/bskyweb/server.go
index 07804e7ce..5e934c6b0 100644
--- a/bskyweb/cmd/bskyweb/server.go
+++ b/bskyweb/cmd/bskyweb/server.go
@@ -73,6 +73,15 @@ func serve(cctx *cli.Context) error {
 e := echo.New()
 e.HideBanner = true
+ // SECURITY: Do not modify without due consideration.
+ e.Use(middleware.SecureWithConfig(middleware.SecureConfig{
+ ContentTypeNosniff: "nosniff",
+ XFrameOptions: "SAMEORIGIN",
+ HSTSMaxAge: 31536000, // 365 days
+ // TODO:
+ // ContentSecurityPolicy
+ // XSSProtection
+ }))
 e.Use(middleware.LoggerWithConfig(middleware.LoggerConfig{
 // Don't log requests for static content.
 Skipper: func(c echo.Context) bool {
-- 
cgit 1.4.1
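Review bot: The `HSTSMaxAge` setting in the new `SecureConfig` block is conditional in a way the hunk does not record: as far as I recall, echo's Secure middleware only emits `Strict-Transport-Security` when the request is TLS or carries `X-Forwarded-Proto: https`, so if bskyweb runs behind a TLS-terminating proxy the header silently never reaches clients unless that proxy sets the forwarded-proto header — worth verifying in the deployment and stating next to the value, e.g. `// HSTS is only emitted for TLS / X-Forwarded-Proto: https requests; the proxy must forward that header`. The same value is emitted with includeSubDomains unless `HSTSExcludeSubdomains` is set, which is a deliberate scope decision for every subdomain of the serving host and should be noted in the "SECURITY" comment either way. In the TODO, `X-XSS-Protection` is a deprecated header that modern guidance recommends leaving unset (or `0`), so leaving `XSSProtection` empty is already the right outcome and the TODO line could say so rather than invite someone to add it; `ReferrerPolicy` is a more useful omission to list alongside `ContentSecurityPolicy`. The enclosing `serve` function starts and ends outside the hunk.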