standard_security_headers

package module
v0.2.0 Latest

This package is not in the latest version of its module.

Published: Nov 25, 2024 License: MIT Imports: 6 Imported by: 0

README

Security Headers Plugin

This plugin will append some standard security headers based on the response mime-type.

Configuration example:

http:
  middlewares:
    standard-security-headers:
      plugin:
        standard-security-headers:
          sanitizeExposingHeaders: "true"
          defaultHeaders:
            xframeOptions: "SAMEORIGIN"
          forceHeaders:
            contentTypeOptions: "nosniff"
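
The configuration above has three knobs: sanitizeExposingHeaders, defaultHeaders and forceHeaders. The distinction that matters in practice is that a default is only filled in when the upstream response did not set that header, while a forced value overwrites whatever upstream sent. The following Go program is an added illustration of that model and is not the plugin's own code: HeaderPolicy, ApplyPolicy, policyWriter, Middleware and RunScenario are constructed names, the list of headers stripped when sanitizing (Server, X-Powered-By) is an assumption, and the HTMLOnly gate is only a stand-in for the README's statement that headers are chosen "based on the response mime-type", since the page does not say which headers are gated.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// HeaderPolicy is a constructed stand-in for the plugin's Config, not the
// plugin's own type: Defaults fill a header only when upstream left it unset,
// Forced values always overwrite, and sanitizing strips backend-exposing headers.
type HeaderPolicy struct {
	SanitizeExposingHeaders bool
	Defaults                map[string]string
	Forced                  map[string]string
	HTMLOnly                map[string]bool // assumption: apply these names to text/html responses only
}

// ApplyPolicy mutates h in place. It must run after the upstream handler has
// populated h but before the status line is committed.
func ApplyPolicy(h http.Header, p *HeaderPolicy) {
	if p.SanitizeExposingHeaders {
		h.Del("Server") // constructed list; the page does not enumerate the headers it strips
		h.Del("X-Powered-By")
	}
	isHTML := strings.HasPrefix(h.Get("Content-Type"), "text/html")
	skip := func(name, val string) bool { return val == "" || (p.HTMLOnly[name] && !isHTML) }
	for name, val := range p.Defaults {
		if !skip(name, val) && h.Get(name) == "" {
			h.Set(name, val)
		}
	}
	for name, val := range p.Forced {
		if !skip(name, val) {
			h.Set(name, val)
		}
	}
}

// policyWriter hooks the first WriteHeader or Write, the last moment at which
// response headers can still be changed.
type policyWriter struct {
	http.ResponseWriter
	policy      *HeaderPolicy
	wroteHeader bool
}

func (w *policyWriter) WriteHeader(code int) {
	if !w.wroteHeader {
		w.wroteHeader = true
		ApplyPolicy(w.Header(), w.policy)
	}
	w.ResponseWriter.WriteHeader(code)
}

// Write covers handlers that never call WriteHeader and rely on the implicit 200.
func (w *policyWriter) Write(b []byte) (int, error) {
	if !w.wroteHeader {
		w.WriteHeader(http.StatusOK)
	}
	return w.ResponseWriter.Write(b)
}

// Middleware wraps next the way Traefik's New wraps its next handler.
func Middleware(next http.Handler, p *HeaderPolicy) http.Handler {
	return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
		next.ServeHTTP(&policyWriter{ResponseWriter: rw, policy: p}, req)
	})
}

// RunScenario sends a constructed upstream response (headers from upstream)
// through the middleware and returns the headers a client would receive.
func RunScenario(upstream map[string]string, p *HeaderPolicy) http.Header {
	next := http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
		for k, v := range upstream {
			rw.Header().Set(k, v)
		}
		fmt.Fprint(rw, "<html>ok</html>") // no explicit WriteHeader on purpose
	})
	rec := httptest.NewRecorder()
	Middleware(next, p).ServeHTTP(rec, httptest.NewRequest(http.MethodGet, "/", nil))
	return rec.Result().Header
}

func main() {
	p := &HeaderPolicy{
		SanitizeExposingHeaders: true,
		Defaults:                map[string]string{"X-Frame-Options": "SAMEORIGIN"},
		Forced:                  map[string]string{"X-Content-Type-Options": "nosniff"},
		HTMLOnly:                map[string]bool{"X-Frame-Options": true},
	}
	got := RunScenario(map[string]string{"Content-Type": "text/html", "Server": "nginx/1.2.3",
		"X-Frame-Options": "DENY", "X-Content-Type-Options": "bogus"}, p)
	for _, name := range []string{"Server", "X-Frame-Options", "X-Content-Type-Options"} {
		fmt.Printf("%s: %q\n", name, got.Get(name))
	}
}
```

Running it shows the upstream banner removed (Server: ""), the upstream's own X-Frame-Options: "DENY" left alone because SAMEORIGIN was only a default, and X-Content-Type-Options rewritten to "nosniff" because it was forced. The wrapper around the ResponseWriter is the part that is easy to get wrong: headers set after the first Write are silently dropped by net/http, so the policy has to be applied inside the intercepted WriteHeader rather than after next.ServeHTTP returns.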

Testing Methods

Testing by using local plugin functionality, assuming the code is checked out to C:\devel\standard-security-headers-plugin:

docker run --rm -it -p 8888:80 -v C:\devel\standard-security-headers-plugin\:/srv/plugins-local/src/github.com/cdwiegand/standard-security-headers-plugin:ro -w /srv traefik:3.0 --entryPoints.web.address=:80 --experimental.localPlugins.standard_security_headers.modulename=github.com/cdwiegand/standard-security-headers-plugin --providers.file.filename=/srv/plugins-local/src/github.com/cdwiegand/standard-security-headers-plugin/testing.traefik.yml --api=true --api.dashboard=true

and go to http://localhost:8888/dashboard/ and inspect the browser's Network tab to see the Server header in the response replaced with "Nope/2.0".

Documentation

Index

Constants

const (
	Header_XFrameOptions                    = "X-Frame-Options"
	Default_XFrameOptions                   = "SAMEORIGIN"
	Force_XFrameOptions                     = ""
	Header_ContentTypeOptions               = "X-Content-Type-Options"
	Default_ContentTypeOptions              = "nosniff"
	Force_ContentTypeOptions                = "nosniff"
	Header_XssProtection                    = "X-XSS-Protection"
	Default_XssProtection                   = "1; mode=block"
	Force_XssProtection                     = "1; mode=block"
	Header_ReferrerPolicy                   = "Referrer-Policy"
	Default_ReferrerPolicy                  = "strict-origin-when-cross-origin"
	Force_ReferrerPolicy                    = ""
	Header_StrictTransportSecurity          = "Strict-Transport-Security"
	Default_StrictTransportSecurity         = "max-age=63072000; includeSubDomains; preload"
	Force_StrictTransportSecurity           = ""
	Header_ContentSecurityPolicy            = "Content-Security-Policy"
	Default_ContentSecurityPolicy           = ""
	Force_ContentSecurityPolicy             = ""
	Header_ContentSecurityPolicyReportOnly  = "Content-Security-Policy-Report-Only"
	Default_ContentSecurityPolicyReportOnly = ""
	Force_ContentSecurityPolicyReportOnly   = ""
	Header_CrossOriginOpenerPolicy          = "Cross-Origin-Opener-Policy"
	Default_CrossOriginOpenerPolicy         = ""
	Force_CrossOriginOpenerPolicy           = ""
	Header_CrossOriginEmbedderPolicy        = "Cross-Origin-Embedder-Policy"
	Default_CrossOriginEmbedderPolicy       = ""
	Force_CrossOriginEmbedderPolicy         = ""
	Header_CrossOriginResourcePolicy        = "Cross-Origin-Resource-Policy"
	Default_CrossOriginResourcePolicy       = ""
	Force_CrossOriginResourcePolicy         = ""
	Header_PermissionsPolicy                = "Permissions-Policy"
	Default_PermissionsPolicy               = ""
	Force_PermissionsPolicy                 = ""
)

Variables

This section is empty.

Functions

func New

func New(ctx context.Context, next http.Handler, config *Config, name string) (http.Handler, error)

New creates a new plugin instance with a config that has (possibly) been set by the admin.

func TestServeHTTP

func TestServeHTTP(t *testing.T)

Types

type Config

type Config struct {
	SanitizeExposingHeaders bool          `json:"sanitizeExposingHeaders"`
	DefaultHeaders          ConfigHeaders `json:"defaultHeaders"`
	ForceHeaders            ConfigHeaders `json:"forceHeaders"`
}

Config is the plugin configuration.

func CreateConfig

func CreateConfig() *Config

CreateConfig creates the DEFAULT plugin configuration - no access to config yet!

type ConfigHeaders added in v0.2.0

type ConfigHeaders struct {
	XFrameOptions                   string `json:"xframeOptions"`
	ContentTypeOptions              string `json:"contentTypeOptions"`
	XssProtection                   string `json:"xssProtection"`
	ReferrerPolicy                  string `json:"referrerPolicy"`
	StrictTransportSecurity         string `json:"strictTransportSecurity"`
	ContentSecurityPolicy           string `json:"contentSecurityPolicy"`
	ContentSecurityPolicyReportOnly string `json:"contentSecurityPolicyReportOnly"`
	CrossOriginOpenerPolicy         string `json:"crossOriginOpenerPolicy"`
	CrossOriginEmbedderPolicy       string `json:"crossOriginEmbedderPolicy"`
	CrossOriginResourcePolicy       string `json:"crossOriginResourcePolicy"`
	PermissionsPolicy               string `json:"permissionsPolicy"`
}

type StandardSecurityPlugin

type StandardSecurityPlugin struct {
	Config *Config
	// contains filtered or unexported fields
}

StandardSecurityPlugin is the middleware handler that applies the configured security headers.

func (*StandardSecurityPlugin) ServeHTTP

func (t *StandardSecurityPlugin) ServeHTTP(rw http.ResponseWriter, req *http.Request)
