mh
/
mhsw-espurna
1
0
Fork 0
Code Releases 0 Activity
Browse Source

Merge pull request #949 from ITNerdbox/master 

Added security headers for each HTTP response
fastled^2
Xose Pérez 6 years ago
committed by GitHub
parent
b7915c3643 c567dd220d
commit
f196717365
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 1 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +9
    -1
      code/espurna/web.ino

+ 9
- 1
code/espurna/web.ino View File

@ -60,7 +60,9 @@ void _onGetConfig(AsyncWebServerRequest *request) {
char buffer[100]; char buffer[100];
snprintf_P(buffer, sizeof(buffer), PSTR("attachment; filename=\"%s-backup.json\""), (char *) getSetting("hostname").c_str()); snprintf_P(buffer, sizeof(buffer), PSTR("attachment; filename=\"%s-backup.json\""), (char *) getSetting("hostname").c_str());
response->addHeader("Content-Disposition", buffer); response->addHeader("Content-Disposition", buffer);
response->addHeader("X-XSS-Protection", "1; mode=block");
response->addHeader("X-Content-Type-Options", "nosniff");
response->addHeader("X-Frame-Options", "deny");
request->send(response); request->send(response);
} }
@ -158,6 +160,9 @@ void _onHome(AsyncWebServerRequest *request) {
response->addHeader("Content-Encoding", "gzip"); response->addHeader("Content-Encoding", "gzip");
response->addHeader("Last-Modified", _last_modified); response->addHeader("Last-Modified", _last_modified);
response->addHeader("X-XSS-Protection", "1; mode=block");
response->addHeader("X-Content-Type-Options", "nosniff");
response->addHeader("X-Frame-Options", "deny");
request->send(response); request->send(response);
} }
@ -232,6 +237,9 @@ void _onUpgrade(AsyncWebServerRequest *request) {
AsyncWebServerResponse *response = request->beginResponse(200, "text/plain", buffer); AsyncWebServerResponse *response = request->beginResponse(200, "text/plain", buffer);
response->addHeader("Connection", "close"); response->addHeader("Connection", "close");
response->addHeader("X-XSS-Protection", "1; mode=block");
response->addHeader("X-Content-Type-Options", "nosniff");
response->addHeader("X-Frame-Options", "deny");
if (Update.hasError()) { if (Update.hasError()) {
eepromRotate(true); eepromRotate(true);
} else { } else {


Write Preview
Loading…
Cancel
Save