Mercurial Mercurial > prosody > prosody / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_http_file_share: More security headers
authorKim Alvefur <zash@zash.se>
Wed, 27 Jan 2021 19:51:36 +0100
changeset 11331 6f2b69469060
parent 11330 1ecda954fe97
child 11332 ceaa3cebf28b
mod_http_file_share: More security headers
plugins/mod_http_file_share.lua file | annotate | diff | comparison | revisions 
--- a/plugins/mod_http_file_share.lua	Wed Jan 27 18:26:24 2021 +0100
+++ b/plugins/mod_http_file_share.lua	Wed Jan 27 19:51:36 2021 +0100
@@ -248,10 +248,12 @@
 
 	response.headers.cache_control = "max-age=31556952, immutable";
 	response.headers.content_security_policy =  "default-src 'none'; frame-ancestors 'none';"
+	response.headers.strict_transport_security = "max-age=31556952";
+	response.headers.x_content_type_options = "nosniff";
+	response.headers.x_frame_options = "DENY"; -- replaced by frame-ancestors in CSP?
+	response.headers.x_xss_protection = "1; mode=block";
 
 	return response:send_file(handle);
-	-- TODO
-	-- Set security headers
 end
 
 -- TODO periodic cleanup job
prosody