Add configurable HSTS and some other headers
This commit is contained in:
parent
df02d27674
commit
068f3c04a0
|
@ -58,3 +58,10 @@ secret = ""
|
||||||
[auth.twitter]
|
[auth.twitter]
|
||||||
key = ""
|
key = ""
|
||||||
secret = ""
|
secret = ""
|
||||||
|
|
||||||
|
# Strict-Transport-Security
|
||||||
|
[https.hsts]
|
||||||
|
enabled = false
|
||||||
|
max_age = 31536000
|
||||||
|
include_subdomains = false
|
||||||
|
preload = false
|
||||||
|
|
|
@ -10,7 +10,7 @@ import (
|
||||||
var (
|
var (
|
||||||
index_0 = []byte(`<!DOCTYPE html><html lang=en><head><meta charset=UTF-8><meta name=viewport content="width=device-width,initial-scale=1"><title>Dispatch</title><link href="https://fonts.googleapis.com/css?family=Montserrat:400,700|Roboto+Mono:400,700" rel=stylesheet><link href=/`)
|
index_0 = []byte(`<!DOCTYPE html><html lang=en><head><meta charset=UTF-8><meta name=viewport content="width=device-width,initial-scale=1"><title>Dispatch</title><link href="https://fonts.googleapis.com/css?family=Montserrat:400,700|Roboto+Mono:400,700" rel=stylesheet><link href=/`)
|
||||||
index_1 = []byte(` rel=stylesheet></head><body><div id=root></div><script>window.__ENV__=`)
|
index_1 = []byte(` rel=stylesheet></head><body><div id=root></div><script>window.__ENV__=`)
|
||||||
index_2 = []byte(`;</script><script src=/`)
|
index_2 = []byte(`</script><script src=/`)
|
||||||
index_3 = []byte(`></script></body></html>`)
|
index_3 = []byte(`></script></body></html>`)
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
|
@ -17,40 +17,44 @@ import (
|
||||||
"github.com/khlieng/dispatch/assets"
|
"github.com/khlieng/dispatch/assets"
|
||||||
)
|
)
|
||||||
|
|
||||||
var files = []File{
|
var (
|
||||||
File{
|
files = []File{
|
||||||
Path: "bundle.js",
|
File{
|
||||||
Asset: "bundle.js.gz",
|
Path: "bundle.js",
|
||||||
ContentType: "text/javascript",
|
Asset: "bundle.js.gz",
|
||||||
CacheControl: "max-age=31536000",
|
ContentType: "text/javascript",
|
||||||
},
|
CacheControl: "max-age=31536000",
|
||||||
File{
|
},
|
||||||
Path: "bundle.css",
|
File{
|
||||||
Asset: "bundle.css.gz",
|
Path: "bundle.css",
|
||||||
ContentType: "text/css",
|
Asset: "bundle.css.gz",
|
||||||
CacheControl: "max-age=31536000",
|
ContentType: "text/css",
|
||||||
},
|
CacheControl: "max-age=31536000",
|
||||||
File{
|
},
|
||||||
Path: "font/fontello.woff",
|
File{
|
||||||
Asset: "font/fontello.woff.gz",
|
Path: "font/fontello.woff",
|
||||||
ContentType: "application/font-woff",
|
Asset: "font/fontello.woff.gz",
|
||||||
},
|
ContentType: "application/font-woff",
|
||||||
File{
|
},
|
||||||
Path: "font/fontello.ttf",
|
File{
|
||||||
Asset: "font/fontello.ttf.gz",
|
Path: "font/fontello.ttf",
|
||||||
ContentType: "application/x-font-ttf",
|
Asset: "font/fontello.ttf.gz",
|
||||||
},
|
ContentType: "application/x-font-ttf",
|
||||||
File{
|
},
|
||||||
Path: "font/fontello.eot",
|
File{
|
||||||
Asset: "font/fontello.eot.gz",
|
Path: "font/fontello.eot",
|
||||||
ContentType: "application/vnd.ms-fontobject",
|
Asset: "font/fontello.eot.gz",
|
||||||
},
|
ContentType: "application/vnd.ms-fontobject",
|
||||||
File{
|
},
|
||||||
Path: "font/fontello.svg",
|
File{
|
||||||
Asset: "font/fontello.svg.gz",
|
Path: "font/fontello.svg",
|
||||||
ContentType: "image/svg+xml",
|
Asset: "font/fontello.svg.gz",
|
||||||
},
|
ContentType: "image/svg+xml",
|
||||||
}
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
hstsHeader string
|
||||||
|
)
|
||||||
|
|
||||||
type File struct {
|
type File struct {
|
||||||
Path string
|
Path string
|
||||||
|
@ -76,6 +80,17 @@ func initFileServer() {
|
||||||
|
|
||||||
hash = md5.Sum(data)
|
hash = md5.Sum(data)
|
||||||
files[1].Path = "bundle." + base64.RawURLEncoding.EncodeToString(hash[:]) + ".css"
|
files[1].Path = "bundle." + base64.RawURLEncoding.EncodeToString(hash[:]) + ".css"
|
||||||
|
|
||||||
|
if viper.GetBool("https.hsts.enabled") {
|
||||||
|
hstsHeader = "max-age=" + viper.GetString("https.hsts.max_age")
|
||||||
|
|
||||||
|
if viper.GetBool("https.hsts.include_subdomains") {
|
||||||
|
hstsHeader += "; includeSubDomains"
|
||||||
|
}
|
||||||
|
if viper.GetBool("https.hsts.preload") {
|
||||||
|
hstsHeader += "; preload"
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -112,11 +127,19 @@ func serveIndex(w http.ResponseWriter, r *http.Request) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
w.Header().Set("Cache-Control", "no-store")
|
|
||||||
w.Header().Set("Content-Type", "text/html")
|
w.Header().Set("Content-Type", "text/html")
|
||||||
|
w.Header().Set("Cache-Control", "no-store")
|
||||||
|
w.Header().Set("X-Content-Type-Options", "nosniff")
|
||||||
|
w.Header().Set("X-Frame-Options", "deny")
|
||||||
|
w.Header().Set("X-XSS-Protection", "1; mode=block")
|
||||||
|
|
||||||
|
if hstsHeader != "" {
|
||||||
|
w.Header().Set("Strict-Transport-Security", hstsHeader)
|
||||||
|
}
|
||||||
|
|
||||||
if strings.Contains(r.Header.Get("Accept-Encoding"), "gzip") {
|
if strings.Contains(r.Header.Get("Accept-Encoding"), "gzip") {
|
||||||
w.Header().Set("Content-Encoding", "gzip")
|
w.Header().Set("Content-Encoding", "gzip")
|
||||||
|
|
||||||
gzw := gzip.NewWriter(w)
|
gzw := gzip.NewWriter(w)
|
||||||
renderIndex(gzw, session)
|
renderIndex(gzw, session)
|
||||||
gzw.Close()
|
gzw.Close()
|
||||||
|
|
Loading…
Reference in New Issue