mirror/opencloud
1
0
Fork 0
mirror of https://github.com/opencloud-eu/opencloud.git synced 2026-04-24 04:58:31 -05:00
Code Issues Packages Projects Releases Wiki Activity

feat: add CSP and other security related headers in the oCIS proxy service (#8777)

Browse Source 
* feat: add CSP and other security related headers in the oCIS proxy service

* fix: consolidate security related headers - drop middleware.Secure

* fix: use github.com/DeepDiver1975/secure

* fix: acceptance tests

* feat: support env var replacements in csp.yaml
This commit is contained in:
Thomas Müller
2024-04-26 09:10:35 +02:00
committed by GitHub
parent d3415a8c92
commit bdbba929d0
47 changed files with 2357 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files
services/web/pkg/middleware/silentrefresh.go
-1
View File
@@ -7,7 +7,6 @@ import (
// SilentRefresh allows the oidc client lib to silently refresh the token in an iframe
func SilentRefresh(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("X-Frame-Options", "SAMEORIGIN")
w.Header().Set("Content-Security-Policy", "frame-ancestors 'self'")
next.ServeHTTP(w, r)
})
services/web/pkg/server/http/server.go
-1
View File
@@ -84,7 +84,6 @@ func Server(opts ...Option) (http.Service, error) {
chimiddleware.RealIP,
chimiddleware.RequestID,
middleware.NoCache,
middleware.Secure,
webmid.SilentRefresh,
middleware.Version(
"web",