Add security HTTP Headers (#5805)

Some HTTP security headers in Minio.
To avoid problems with XSS and Clickjacking attacks.

X-Frame-Options
X-Frame-Options response header improves the protection
of web applications against Clickjacking. It declares a
policy communicated from a host to the client browser
on whether the browser must not display the transmitted
content in frames of other web pages.

X-XSS-Protection
This header enables the Cross-site scripting (XSS) filter in your browser.
master
rwagner_inf 7 years ago committed by Harshavardhana
parent bd8d6e3c4e
commit e39de65367
  1. 5
      vendor/github.com/gorilla/rpc/v2/server.go

@ -149,6 +149,11 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
// Prevents Internet Explorer from MIME-sniffing a response away
// from the declared content-type
w.Header().Set("x-content-type-options", "nosniff")
// Prevents against XSS Atacks
w.Header().Set("X-XSS-Protection", "\"1; mode=block\"")
// Prevents against Clickjacking
w.Header().Set("X-Frame-Options", "SAMEORIGIN")
// Encode the response.
if errResult == nil {
codecReq.WriteResponse(w, reply.Interface())
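Review bot: The X-XSS-Protection line sets the value to "\"1; mode=block\"", so the header goes out with literal double quotes around it; the documented syntax is the bare 1; mode=block, and a browser may not parse the quoted form as intended. Suggest w.Header().Set("X-XSS-Protection", "1; mode=block"). Separately, the change is made in vendor/github.com/gorilla/rpc/v2/server.go, so it covers only responses served through this RPC server and will be lost the next time the dependency is re-vendored; setting these headers in a handler wrapper in Minio's own code would avoid both issues. The comment above the new line also has a typo ("Atacks").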
