Software / code / prosody
Changeset
11327:6f2b69469060
mod_http_file_share: More security headers
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Wed, 27 Jan 2021 19:51:36 +0100 |
| parents | 11326:1ecda954fe97 |
| children | 11328:ceaa3cebf28b |
| files | plugins/mod_http_file_share.lua |
| diffstat | 1 files changed, 4 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/plugins/mod_http_file_share.lua Wed Jan 27 18:26:24 2021 +0100 +++ b/plugins/mod_http_file_share.lua Wed Jan 27 19:51:36 2021 +0100 @@ -248,10 +248,12 @@ response.headers.cache_control = "max-age=31556952, immutable"; response.headers.content_security_policy = "default-src 'none'; frame-ancestors 'none';" + response.headers.strict_transport_security = "max-age=31556952"; + response.headers.x_content_type_options = "nosniff"; + response.headers.x_frame_options = "DENY"; -- replaced by frame-ancestors in CSP? + response.headers.x_xss_protection = "1; mode=block"; return response:send_file(handle); - -- TODO - -- Set security headers end -- TODO periodic cleanup job
