author | Jo-Philipp Wich <jo@mein.io> | 2017-09-02 17:45:37 +0200 |
---|---|---|
committer | Jo-Philipp Wich <jo@mein.io> | 2017-09-02 17:45:37 +0200 |
commit | 11d0129f9661155dd2bd44cce5866726acd53433 (patch) | |
tree | 59ec0f71490e2b579350a5460535ed1b613b4962 /modules/luci-base/luasrc/http.lua | |
parent | 4fe36c2f3c76a6ec65812678a858ce499ebf9357 (diff) |
http: add random security headers
Fixes #1343.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Diffstat (limited to 'modules/luci-base/luasrc/http.lua')
-rw-r--r-- | modules/luci-base/luasrc/http.lua | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/modules/luci-base/luasrc/http.lua b/modules/luci-base/luasrc/http.lua
index 8795dfc4b..9cc985786 100644
--- a/modules/luci-base/luasrc/http.lua
+++ b/modules/luci-base/luasrc/http.lua
@@ -224,7 +224,15 @@ function write(content, src_err)
 header("Cache-Control", "no-cache")
 header("Expires", "0")
 end
-
+ if not context.headers["x-frame-options"] then
+ header("X-Frame-Options", "SAMEORIGIN")
+ end
+ if not context.headers["x-xss-protection"] then
+ header("X-XSS-Protection", "1; mode=block")
+ end
+ if not context.headers["x-content-type-options"] then
+ header("X-Content-Type-Options", "nosniff")
+ end
 context.eoh = true
 coroutine.yield(3) |
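Review bot: The `X-XSS-Protection: 1; mode=block` default in the second added block turns on a legacy browser XSS filter that current browsers no longer implement, and present guidance is to send `0` (or omit the header) and rely on a Content-Security-Policy; consider `header("X-XSS-Protection", "0")` or dropping that block. The `X-Frame-Options` and `X-Content-Type-Options` defaults are sound, and the former could be paired with a CSP `frame-ancestors 'self'` directive. All three guards index `context.headers` with lower-case names while `header()` is called with mixed-case ones, which presumably relies on `header()` normalising the key (not visible in this hunk); a comment such as `-- default hardening headers; a handler overrides one by calling header() before the first write` would record that contract. `write` begins and ends outside the hunk, and these defaults appear to be applied only on the end-of-headers path shown here, so it is worth confirming that responses which never reach it do not need them.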