authorJo-Philipp Wich <jo@mein.io>2017-09-02 17:45:37 +0200
committerJo-Philipp Wich <jo@mein.io>2017-09-02 17:45:37 +0200
commit11d0129f9661155dd2bd44cce5866726acd53433 (patch)
tree59ec0f71490e2b579350a5460535ed1b613b4962 /modules/luci-base/luasrc
parent4fe36c2f3c76a6ec65812678a858ce499ebf9357 (diff)
http: add random security headers
Fixes #1343. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Diffstat (limited to 'modules/luci-base/luasrc')
-rw-r--r--modules/luci-base/luasrc/http.lua10
1 files changed, 9 insertions, 1 deletions
diff --git a/modules/luci-base/luasrc/http.lua b/modules/luci-base/luasrc/http.lua
index 8795dfc4b2..9cc9857867 100644
--- a/modules/luci-base/luasrc/http.lua
+++ b/modules/luci-base/luasrc/http.lua
@@ -224,7 +224,15 @@ function write(content, src_err)
header("Cache-Control", "no-cache")
header("Expires", "0")
end
-
+ if not context.headers["x-frame-options"] then
+ header("X-Frame-Options", "SAMEORIGIN")
+ end
+ if not context.headers["x-xss-protection"] then
+ header("X-XSS-Protection", "1; mode=block")
+ end
+ if not context.headers["x-content-type-options"] then
+ header("X-Content-Type-Options", "nosniff")
+ end
context.eoh = true
coroutine.yield(3)
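Review bot: The `X-XSS-Protection: 1; mode=block` default added in the second `if` should not be counted as an XSS control: it only configures a legacy browser-side filter that current browsers no longer implement, so output escaping (and, if wanted, a Content-Security-Policy default) remains the real mitigation, while `X-Frame-Options` and `nosniff` are the two defaults here that carry weight. The new block also has no comment; above the first check I would add `-- default hardening headers; a handler overrides one by calling header() with that name before the first write()`. The three lookups use lower-case keys, which presumably matches how header() stores names, but that function is not in the hunk, so it is worth confirming. write() itself starts and ends outside the hunk.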