From b9d60f6a698fcecfa961cfe6960401201f775a0f Mon Sep 17 00:00:00 2001 From: root Date: Sat, 16 Jun 2018 09:18:08 +0200 Subject: [PATCH 1/2] Added security headers for each HTTP response --- code/espurna/web.ino | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/code/espurna/web.ino b/code/espurna/web.ino index 8deb4c4d..01755f41 100644 --- a/code/espurna/web.ino +++ b/code/espurna/web.ino @@ -57,7 +57,9 @@ void _onGetConfig(AsyncWebServerRequest *request) { char buffer[100]; snprintf_P(buffer, sizeof(buffer), PSTR("attachment; filename=\"%s-backup.json\""), (char *) getSetting("hostname").c_str()); response->addHeader("Content-Disposition", buffer); - + response->addHeader("X-XSS-Protection", "1; mode=block"); + response->addHeader("X-Content-Type-Options", "nosniff"); + response->addHeader("X-Frame-Options", "deny"); request->send(response); } @@ -151,6 +153,9 @@ void _onHome(AsyncWebServerRequest *request) { response->addHeader("Content-Encoding", "gzip"); response->addHeader("Last-Modified", _last_modified); + response->addHeader("X-XSS-Protection", "1; mode=block"); + response->addHeader("X-Content-Type-Options", "nosniff"); + response->addHeader("X-Frame-Options", "deny"); request->send(response); } @@ -223,6 +228,10 @@ void _onUpgrade(AsyncWebServerRequest *request) { AsyncWebServerResponse *response = request->beginResponse(200, "text/plain", buffer); response->addHeader("Connection", "close"); + response->addHeader("X-XSS-Protection", "1; mode=block"); + response->addHeader("X-Content-Type-Options", "nosniff"); + response->addHeader("X-Frame-Options", "deny"); + if (!Update.hasError()) { deferredReset(100, CUSTOM_RESET_UPGRADE); } From 83cfb98ad595539be74f748065f1be062508579c Mon Sep 17 00:00:00 2001 From: Maxim Prokhorov Date: Tue, 19 Jun 2018 16:52:04 +0300 Subject: [PATCH 2/2] Update build_flags to use new ldscript --- code/platformio.ini | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) 
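Review bot: The three headers are pasted only into `_onGetConfig`, `_onHome` and `_onUpgrade`, so a response built by any handler this patch does not touch would go out without them, although the subject says "each HTTP response". ESPAsyncWebServer can attach a header to every response from one place, for example `DefaultHeaders::Instance().addHeader("X-Content-Type-Options", "nosniff");` called once per header during web server setup. That would also remove the nine duplicated lines. `X-XSS-Protection` is a legacy header that current browsers ignore, so a `Content-Security-Policy` header (with `frame-ancestors 'none'` next to `X-Frame-Options`) is what would actually restrict script injection and framing. All three function bodies start or end outside their hunks, so other response paths inside them cannot be checked from here.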
diff --git a/code/platformio.ini b/code/platformio.ini
index 26f19492..e5056070 100644
--- a/code/platformio.ini
+++ b/code/platformio.ini
@@ -1144,7 +1144,7 @@ board = esp01_1m
 board_build.flash_mode = dout
 lib_deps = ${common.lib_deps}
 lib_ignore = ${common.lib_ignore}
-build_flags = -g -Wl,-Tesp8266.flash.1m0.ld -DHUACANXING_H801
+build_flags = ${common.build_flags_1m0m} -DHUACANXING_H801
 monitor_speed = 115200
 extra_scripts = ${common.extra_scripts}
 
@@ -1155,7 +1155,7 @@ board = esp01_1m
 board_build.flash_mode = dout
 lib_deps = ${common.lib_deps}
 lib_ignore = ${common.lib_ignore}
-build_flags = -g -Wl,-Tesp8266.flash.1m0.ld -DHUACANXING_H801
+build_flags = ${common.build_flags_1m0m} -DHUACANXING_H801
 upload_speed = 115200
 upload_port = ${common.upload_port}
 upload_flags = ${common.upload_flags}
@@ -1169,7 +1169,7 @@ board = esp01_1m
 board_build.flash_mode = dout
 lib_deps = ${common.lib_deps}
 lib_ignore = ${common.lib_ignore}
-build_flags = -g -Wl,-Tesp8266.flash.1m0.ld -DHUACANXING_H802
+build_flags = ${common.build_flags_1m0m} -DHUACANXING_H802
 monitor_speed = 115200
 extra_scripts = ${common.extra_scripts}
 
@@ -1180,7 +1180,7 @@ board = esp01_1m
 board_build.flash_mode = dout
 lib_deps = ${common.lib_deps}
 lib_ignore = ${common.lib_ignore}
-build_flags = -g -Wl,-Tesp8266.flash.1m0.ld -DHUACANXING_H802
+build_flags = ${common.build_flags_1m0m} -DHUACANXING_H802
 upload_speed = 115200
 upload_port = ${common.upload_port}
 upload_flags = ${common.upload_flags}
@@ -1194,7 +1194,7 @@ board = esp01_1m
 board_build.flash_mode = dout
 lib_deps = ${common.lib_deps}
 lib_ignore = ${common.lib_ignore}
-build_flags = -g -Wl,-Tesp8266.flash.1m0.ld -DARILUX_AL_LC01
+build_flags = ${common.build_flags_1m0m} -DARILUX_AL_LC01
 monitor_speed = 115200
 extra_scripts = ${common.extra_scripts}
 
@@ -1205,7 +1205,7 @@ board = esp01_1m
 board_build.flash_mode = dout
 lib_deps = ${common.lib_deps}
 lib_ignore = ${common.lib_ignore}
-build_flags = -g -Wl,-Tesp8266.flash.1m0.ld -DARILUX_AL_LC01
+build_flags = ${common.build_flags_1m0m} -DARILUX_AL_LC01
 upload_speed = 115200
 upload_port = ${common.upload_port}
 upload_flags = ${common.upload_flags}
@@ -1219,7 +1219,7 @@ board = esp01_1m
 board_build.flash_mode = dout
 lib_deps = ${common.lib_deps}
 lib_ignore = ${common.lib_ignore}
-build_flags = -g -Wl,-Tesp8266.flash.1m0.ld -DARILUX_AL_LC02
+build_flags = ${common.build_flags_1m0m} -DARILUX_AL_LC02
 monitor_speed = 115200
 extra_scripts = ${common.extra_scripts}
 
@@ -1230,7 +1230,7 @@ board = esp01_1m
 board_build.flash_mode = dout
 lib_deps = ${common.lib_deps}
 lib_ignore = ${common.lib_ignore}
-build_flags = -g -Wl,-Tesp8266.flash.1m0.ld -DARILUX_AL_LC02
+build_flags = ${common.build_flags_1m0m} -DARILUX_AL_LC02
 upload_speed = 115200
 upload_port = ${common.upload_port}
 upload_flags = ${common.upload_flags}
@@ -1244,7 +1244,7 @@ board = esp01_1m
 board_build.flash_mode = dout
 lib_deps = ${common.lib_deps}
 lib_ignore = ${common.lib_ignore}
-build_flags = -g -Wl,-Tesp8266.flash.1m0.ld -DARILUX_AL_LC06
+build_flags = ${common.build_flags_1m0m} -DARILUX_AL_LC06
 monitor_speed = 115200
 extra_scripts = ${common.extra_scripts}
 
@@ -1255,7 +1255,7 @@ board = esp01_1m
 board_build.flash_mode = dout
 lib_deps = ${common.lib_deps}
 lib_ignore = ${common.lib_ignore}
-build_flags = -g -Wl,-Tesp8266.flash.1m0.ld -DARILUX_AL_LC06
+build_flags = ${common.build_flags_1m0m} -DARILUX_AL_LC06
 upload_speed = 115200
 upload_port = ${common.upload_port}
 upload_flags = ${common.upload_flags}
@@ -1269,7 +1269,7 @@ board = esp01_1m
 board_build.flash_mode = dout
 lib_deps = ${common.lib_deps}
 lib_ignore = ${common.lib_ignore}
-build_flags = -g -Wl,-Tesp8266.flash.1m0.ld -DARILUX_AL_LC11
+build_flags = ${common.build_flags_1m0m} -DARILUX_AL_LC11
 monitor_speed = 115200
 extra_scripts = ${common.extra_scripts}
 
@@ -1280,7 +1280,7 @@ board = esp01_1m
 board_build.flash_mode = dout
 lib_deps = ${common.lib_deps}
 lib_ignore = ${common.lib_ignore}
-build_flags = -g -Wl,-Tesp8266.flash.1m0.ld -DARILUX_AL_LC11
+build_flags = ${common.build_flags_1m0m} -DARILUX_AL_LC11
 upload_speed = 115200
 upload_port = ${common.upload_port}
 upload_flags = ${common.upload_flags}
@@ -1294,7 +1294,7 @@ board = esp01_1m
 board_build.flash_mode = dout
 lib_deps = ${common.lib_deps}
 lib_ignore = ${common.lib_ignore}
-build_flags = -g -Wl,-Tesp8266.flash.1m0.ld -DARILUX_E27
+build_flags = ${common.build_flags_1m0m} -DARILUX_E27
 monitor_speed = 115200
 extra_scripts = ${common.extra_scripts}
 
@@ -1305,7 +1305,7 @@ board = esp01_1m
 board_build.flash_mode = dout
 lib_deps = ${common.lib_deps}
 lib_ignore = ${common.lib_ignore}
-build_flags = -g -Wl,-Tesp8266.flash.1m0.ld -DARILUX_E27
+build_flags = ${common.build_flags_1m0m} -DARILUX_E27
 upload_speed = 115200
 upload_port = ${common.upload_port}
 upload_flags = ${common.upload_flags}
@@ -2211,7 +2211,7 @@ board = esp01_1m
 board_build.flash_mode = dout
 lib_deps = ${common.lib_deps}
 lib_ignore = ${common.lib_ignore}
-build_flags = ${common.build_flags_1m} -DPILOTAK_ESP_DIN_V1
+build_flags = ${common.build_flags_1m0m} -DPILOTAK_ESP_DIN_V1
 monitor_speed = 115200
 extra_scripts = ${common.extra_scripts}
 
@@ -2222,7 +2222,7 @@ board = esp01_1m
 board_build.flash_mode = dout
 lib_deps = ${common.lib_deps}
 lib_ignore = ${common.lib_ignore}
-build_flags = ${common.build_flags_1m} -DPILOTAK_ESP_DIN_V1
+build_flags = ${common.build_flags_1m0m} -DPILOTAK_ESP_DIN_V1
 upload_speed = 115200
 upload_port = "${env.ESPURNA_IP}"
 upload_flags = --auth=${env.ESPURNA_AUTH} --port 8266
@@ -2234,7 +2234,7 @@ framework = arduino
 board = nodemcu
 lib_deps = ${common.lib_deps}
 lib_ignore = ${common.lib_ignore}
-build_flags = ${common.build_flags} -DNODEMCU_BASIC -DNOWSAUTH -DGEIGER_SUPPORT=1 -DEVENTS_SUPPORT=0 -DINFLUXDB_SUPPORT=1 -DALEXA_SUPPORT=0 -DALEXA_ENABLED=0
+build_flags = ${common.build_flags_1m0m} -DNODEMCU_BASIC -DNOWSAUTH -DGEIGER_SUPPORT=1 -DEVENTS_SUPPORT=0 -DINFLUXDB_SUPPORT=1 -DALEXA_SUPPORT=0 -DALEXA_ENABLED=0
 upload_speed = 460800
 monitor_speed = 115200
 extra_scripts = ${common.extra_scripts}
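Review bot: The last hunk (`board = nodemcu`) replaces `${common.build_flags}` with `${common.build_flags_1m0m}`, whereas every other hunk replaces a setting that already selected a 1 MB layout (`-Wl,-Tesp8266.flash.1m0.ld` or `build_flags_1m`). If `build_flags_1m0m` selects the 1 MB linker script, as its name suggests, this changes the flash layout for a board that was not on it before. Unless that is intended, the line should stay `build_flags = ${common.build_flags} -DNODEMCU_BASIC ...`. The definition of `common.build_flags_1m0m` is not part of this patch, so it presumably has to exist on the target branch already. The same line keeps `-DNOWSAUTH`, which by its name appears to turn off WebSocket authentication, so it is worth confirming this environment is never used for a deployed image.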