cmd/pomerium: redirect http and add hsts headers (#92)

Bobby DeSimone 2019-04-24 13:29:11 -07:00 committed by GitHub
parent fbe1cae482
commit 857b9e5773
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 24 additions and 29 deletions


@ -16,11 +16,13 @@ import (
"github.com/pomerium/pomerium/internal/version"
)
// securityHeaders corresponds to HTTP response headers that help to protect against protocol
// downgrade attacks and cookie hijacking.
// securityHeaders corresponds to HTTP response headers that help to protect
// against protocol downgrade attacks and cookie hijacking.
//
// https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#tab=Headers
// https://https.cio.gov/hsts/
var securityHeaders = map[string]string{
"Strict-Transport-Security": "max-age=31536000",
"Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload",
"X-Frame-Options": "DENY",
"X-Content-Type-Options": "nosniff",
"X-XSS-Protection": "1; mode=block",
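Review bot: The new `Strict-Transport-Security` value hard-codes `includeSubDomains; preload` for every deployment, and nothing in the comment above the map explains the commitment that makes. `includeSubDomains` extends the one-year policy to every subdomain of the host that serves the header, and `preload` signals consent to browser preload lists, from which removal is slow, so any subdomain still serving plain HTTP becomes unreachable for browsers that have seen the header. Assuming this map is applied to all responses (the code that uses it is outside the hunk), I would make the value operator-configurable, or at least document it above the entry, e.g. `// includeSubDomains+preload: every subdomain of the serving host must be HTTPS-only before this is deployed`. The map literal continues past the end of the hunk.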