feat: add hsts header for omni frontend

Add HSTS (Strict-Transport-Security) response header to the frontend

Signed-off-by: Edward Sammut Alessi <edward.sammutalessi@siderolabs.com>
Edward Sammut Alessi 2026-03-13 09:06:21 +01:00
parent 385c512d4c
commit 6d52a6970c
No known key found for this signature in database
GPG Key ID: 65558E016966977A


@ -110,6 +110,9 @@ func (handler *StaticHandler) serveFile(w http.ResponseWriter, r *http.Request,
defer file.Close() //nolint:errcheck
w.Header().Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
w.Header().Set("X-Content-Type-Options", "nosniff")
if path != index {
w.Header().Set("Vary", "Accept-Encoding, User-Agent")
w.Header().Set("Cache-Control", fmt.Sprintf("public, max-age=%d, immutable", handler.maxAgeSec))
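Review bot: The `Strict-Transport-Security` value is hard-coded with `includeSubDomains` and a one-year `max-age`, so once a browser has seen it over HTTPS, every subdomain of the host serving the frontend is pinned to HTTPS for a year. If a deployment can have HTTP-only services on subdomains of that host, they would become unreachable for those users, so the directive is safer behind a handler option, or at minimum documented on the line, e.g. `// HSTS: includeSubDomains covers every subdomain of the serving host; browsers ignore the header over plain HTTP.` The header is also set only inside serveFile after the file has been opened, so responses that return earlier or come from other handlers presumably do not carry it; a wrapping middleware would cover them. serveFile begins and ends outside this hunk.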
@ -143,7 +146,6 @@ func (handler *StaticHandler) serveFile(w http.ResponseWriter, r *http.Request,
)
w.Header().Set("X-Frame-Options", "SAMEORIGIN")
w.Header().Set("X-Content-Type-Options", "nosniff")
w.Header().Set("Permissions-Policy", "accelerometer=(), ambient-light-sensor=(), "+
"autoplay=(self), battery=(), camera=(), cross-origin-isolated=(self), display-capture=(), "+
"document-domain=(), encrypted-media=(), fullscreen=(self), geolocation=(), gyroscope=(), "+