package headers
import (
"net/http"
)
// SetStandardHeaders writes a fixed set of cache-control and browser
// security-hygiene headers to w. Every header is applied with
// Header().Set, so an existing value under the same name is replaced
// rather than appended to. HSTS is deliberately not part of the set: it
// has too many drawbacks in environments that use self-signed certs.
func SetStandardHeaders(w http.ResponseWriter) {
	// Caching never makes sense for authorization pages, so disable it
	// for both HTTP/1.1 (Cache-Control) and legacy (Pragma/Expires) caches.
	w.Header().Set("Cache-Control", "no-cache, no-store")
	w.Header().Set("Pragma", "no-cache")
	w.Header().Set("Expires", "0")

	// Reasonably strict Referer policy by default.
	w.Header().Set("Referrer-Policy", "strict-origin-when-cross-origin")

	// Refuse to be embedded in a frame so the page cannot be used for
	// clickjacking.
	w.Header().Set("X-Frame-Options", "DENY")

	// Remaining basic hygiene headers. NOTE(review): X-XSS-Protection is a
	// legacy header that current browsers are understood to ignore; it is
	// kept for older clients and is harmless otherwise.
	w.Header().Set("X-Content-Type-Options", "nosniff")
	w.Header().Set("X-DNS-Prefetch-Control", "off")
	w.Header().Set("X-XSS-Protection", "1; mode=block")
}