httpd: add cross origin resource and embedder policy headers

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
Nicola Murino
2025-01-24 19:33:45 +01:00
parent 83ee977746
commit 48258f6e67
6 changed files with 68 additions and 34 deletions


@@ -3389,11 +3389,14 @@ func TestSecureMiddlewareIntegration(t *testing.T) {
Value: "https",
},
},
STSSeconds: 31536000,
STSIncludeSubdomains: true,
STSPreload: true,
ContentTypeNosniff: true,
CacheControl: "private",
STSSeconds: 31536000,
STSIncludeSubdomains: true,
STSPreload: true,
ContentTypeNosniff: true,
CacheControl: "private",
CrossOriginOpenerPolicy: "same-origin",
CrossOriginResourcePolicy: "same-site",
CrossOriginEmbedderPolicy: "require-corp",
},
},
enableWebAdmin: true,
@@ -3448,6 +3451,9 @@ func TestSecureMiddlewareIntegration(t *testing.T) {
assert.NotEmpty(t, r.Header.Get(forwardedHostHeader))
assert.Equal(t, "max-age=31536000; includeSubDomains; preload", rr.Header().Get("Strict-Transport-Security"))
assert.Equal(t, "nosniff", rr.Header().Get("X-Content-Type-Options"))
assert.Equal(t, "require-corp", rr.Header().Get("Cross-Origin-Embedder-Policy"))
assert.Equal(t, "same-origin", rr.Header().Get("Cross-Origin-Opener-Policy"))
assert.Equal(t, "same-site", rr.Header().Get("Cross-Origin-Resource-Policy"))
server.binding.Security.Enabled = false
server.binding.Security.updateProxyHeaders()