authorMike Crute <mike@crute.us>2023-09-26 21:01:39 -0700
committerMike Crute <mike@crute.us>2023-09-26 21:01:39 -0700
commit209764b611eb5f12122ec6f3d6de109a20be25d0 (patch)
tree0dd4ab621d5574016089f200af86e2649aee5651
parent80d29e75bf9e9d9ed44cca9890041e2a96b271cf (diff)
echo: disable old security headers
-rw-r--r--echo/middleware/strict_secure.go10
1 files changed, 8 insertions, 2 deletions
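--- a/echo/middleware/strict_secure.go
+++ b/echo/middleware/strict_secure.go
@@ -11,12 +11,18 @@ import (
 // the legacy nginx proxy defaults.
 func StrictSecure() echo.MiddlewareFunc {
 	return middleware.SecureWithConfig(middleware.SecureConfig{
-		XFrameOptions: "SAMEORIGIN",
 		ContentTypeNosniff: "nosniff",
-		XSSProtection: "1; mode=block",
 		ReferrerPolicy: "same-origin",
 		HSTSExcludeSubdomains: false,
 		HSTSPreloadEnabled: true,
 		HSTSMaxAge: gltime.ToSeconds(2 * gltime.Year),
+
+		// No longer used, subsumed by the frame-source option of CSP:
+		// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+		XFrameOptions: "",
+
+		// Should never be used according to:
+		// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
+		XSSProtection: "",
 	})
 }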
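Review bot: Clearing XFrameOptions removes the only clickjacking defence visible in this SecureConfig, because the CSP directive that replaces X-Frame-Options is `frame-ancestors` — not `frame-source`, which the new comment names and which (as `frame-src`) governs what this page may embed, not who may embed this page — and no ContentSecurityPolicy is set anywhere in the literal. Unless a CSP carrying `frame-ancestors` is applied elsewhere (the "legacy nginx proxy defaults" the doc comment refers to, or another middleware), keep `XFrameOptions: "SAMEORIGIN",` until `ContentSecurityPolicy: "frame-ancestors 'self'",` is added to this config. Either way the comment should read `// Superseded by the frame-ancestors directive of CSP (not set here yet):` so the next maintainer does not treat `frame-src` as the replacement. Dropping X-XSS-Protection matches MDN's guidance that the header be unset or `0`; I assume echo's Secure middleware skips a header whose configured value is empty rather than emitting an empty one, but that is not visible in this hunk and is worth confirming. StrictSecure's doc comment begins before the hunk; the function body itself is fully shown.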