author | Mike Crute <mike@crute.us> | 2023-09-26 21:01:39 -0700 |
---|---|---|
committer | Mike Crute <mike@crute.us> | 2023-09-26 21:01:39 -0700 |
commit | 209764b611eb5f12122ec6f3d6de109a20be25d0 (patch) | |
tree | 0dd4ab621d5574016089f200af86e2649aee5651 | |
parent | 80d29e75bf9e9d9ed44cca9890041e2a96b271cf (diff) | |
echo: disable old security headers
-rw-r--r-- | echo/middleware/strict_secure.go | 10 |
1 files changed, 8 insertions, 2 deletions
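--- a/echo/middleware/strict_secure.go
+++ b/echo/middleware/strict_secure.go
@@ -11,12 +11,18 @@ import (
 // the legacy nginx proxy defaults.
 func StrictSecure() echo.MiddlewareFunc {
 return middleware.SecureWithConfig(middleware.SecureConfig{
-XFrameOptions: "SAMEORIGIN",
 ContentTypeNosniff: "nosniff",
-XSSProtection: "1; mode=block",
 ReferrerPolicy: "same-origin",
 HSTSExcludeSubdomains: false,
 HSTSPreloadEnabled: true,
 HSTSMaxAge: gltime.ToSeconds(2 * gltime.Year),
+
+// No longer used, subsumed by the frame-source option of CSP:
+// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+XFrameOptions: "",
+
+// Should never be used according to:
+// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
+XSSProtection: "",
 })
 }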
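Review bot: No framing restriction remains in the visible `SecureConfig` once `XFrameOptions` is set to `""`. `StrictSecure` sets no `ContentSecurityPolicy`, so unless a CSP with `frame-ancestors` is emitted somewhere outside this hunk, responses lose their clickjacking protection. The directive that supersedes X-Frame-Options is `frame-ancestors`, not a "frame-source" option (`frame-src` controls what the page itself may embed), so the comment should read `// Superseded by the CSP frame-ancestors directive:`. I would either keep `XFrameOptions: "SAMEORIGIN"` until that CSP is confirmed, or add `ContentSecurityPolicy: "frame-ancestors 'self'",` to this config. Removing `XSSProtection` is consistent with the linked guidance.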