Adds security headers in response

Abhinav Sarkar 2018-08-27 22:31:09 +05:30
parent 91a5514aee
commit f816f6d591
2 changed files with 10 additions and 0 deletions


@ -14,6 +14,7 @@ _hastatic_ is a very small web server for serving static files from a Docker con
- Supports custom index files for URLs ending with "/".
- Takes care to not serve hidden files.
- Adds caching headers automatically.
- Adds security headers automatically.
- Caches file descriptors and info for better performance.
## Usage


@ -24,6 +24,14 @@ import Paths_hastatic (version)
data TLS = Okay TLS.TLSSettings | Error String | None
addSecureHeaders :: Middleware
addSecureHeaders = modifyResponse $ mapResponseHeaders (++ secureHeaders)
where
secureHeaders = [ ("Referrer-Policy", "strict-origin-when-cross-origin")
, ("X-Frame-Options", "SAMEORIGIN")
, ("X-XSS-Protection", "1; mode=block")
]
indexHTML :: T.Text -> Middleware
indexHTML indexFile app req respond =
let path = pathInfo req
@ -55,6 +63,7 @@ application excludedPaths = do
indexFile <- T.pack . fromMaybe "index.html" <$> lookupEnv "IDX_FILE"
cache <- initCaching PublicStaticCaching
return
. addSecureHeaders
. indexHTML indexFile
. staticPolicy' cache polcy
. notFoundHandler
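Review bot: The `secureHeaders` list in `addSecureHeaders` omits `X-Content-Type-Options`, which is especially relevant for a static file server because it stops browsers from MIME-sniffing a served file into a script or HTML type; adding `, ("X-Content-Type-Options", "nosniff")` to the list would cover it. `X-XSS-Protection: 1; mode=block` targets the legacy browser XSS auditor, which current browsers no longer ship, so it should not be counted on as a control; a `Content-Security-Policy` header is the replacement if script restrictions are wanted. The headers are appended with `++`, so a response that already carries one of these names ends up with it twice; that looks harmless for the middleware stack visible here, but a comment such as `-- Appends to, rather than overrides, headers set by inner middleware.` on `addSecureHeaders` would make the behaviour explicit.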