|
@@ -24,6 +24,14 @@ import Paths_hastatic (version)
|
24
|
24
|
|
25
|
25
|
data TLS = Okay TLS.TLSSettings | Error String | None
|
26
|
26
|
|
|
27
|
+addSecureHeaders :: Middleware
|
|
28
|
+addSecureHeaders = modifyResponse $ mapResponseHeaders (++ secureHeaders)
|
|
29
|
+ where
|
|
30
|
+ secureHeaders = [ ("Referrer-Policy", "strict-origin-when-cross-origin")
|
|
31
|
+ , ("X-Frame-Options", "SAMEORIGIN")
|
|
32
|
+ , ("X-XSS-Protection", "1; mode=block")
|
|
33
|
+ ]
|
|
34
|
+
|
27
|
35
|
indexHTML :: T.Text -> Middleware
|
28
|
36
|
indexHTML indexFile app req respond =
|
29
|
37
|
let path = pathInfo req
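Review bot: In `secureHeaders`, `("X-XSS-Protection", "1; mode=block")` enables the legacy XSS auditor, which current browsers have removed or never implemented and which caused its own cross-site leak problems in older ones; current OWASP guidance is to send `("X-XSS-Protection", "0")` or drop the header and rely on a `Content-Security-Policy`. The list also omits `("X-Content-Type-Options", "nosniff")`, which is the header most relevant to a server that hands out static files, and `("Content-Security-Policy", "frame-ancestors 'self'")` is the modern counterpart to the `X-Frame-Options` entry. Separately, `(++ secureHeaders)` appends unconditionally, so a response that already carries one of these header names would go out with two values; filtering the existing names before appending avoids that. A one-line Haddock comment on `addSecureHeaders` stating that it applies to every response, error responses included, would record the intent.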
|
|
@@ -55,6 +63,7 @@ application excludedPaths = do
|
55
|
63
|
indexFile <- T.pack . fromMaybe "index.html" <$> lookupEnv "IDX_FILE"
|
56
|
64
|
cache <- initCaching PublicStaticCaching
|
57
|
65
|
return
|
|
66
|
+ . addSecureHeaders
|
58
|
67
|
. indexHTML indexFile
|
59
|
68
|
. staticPolicy' cache polcy
|
60
|
69
|
. notFoundHandler
|