Nice to have more http headers #12256

Merged: 13 commits, Jul 19, 2021


@sakkiii sakkiii commented May 7, 2021

Description

Motivation and Context

Added more security headers for better security

  • X-Frame-Options tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking.
  • X-Content-Type-Options stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type. The only valid value for this header is "X-Content-Type-Options: nosniff".
  • HTTP Strict Transport Security is an excellent feature to support on your site and strengthens your implementation of TLS by getting the User Agent to enforce the use of HTTPS.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Optimization (provides speedup with no functional changes)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Security Enhancements

Checklist:

  • Fixes a regression (If yes, please add commit-id or PR # here)
  • Documentation updated
  • Unit tests added/updated

@klauspost klauspost requested a review from aead May 10, 2021 08:07

@aead aead left a comment

LGTM - HSTS is acceptable since on non-TLS connections it's ignored by clients.
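The three headers from the PR description, sent on every response as the review comment above accepts, shown as an added Go example that is not part of the thread and not MinIO's code. The names `securityHeaders`, `hstsMaxAge` and `audit` are hypothetical, and the `SAMEORIGIN` and `max-age=31536000; includeSubDomains` values are assumptions; only `nosniff` is quoted on the page.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strconv"
	"strings"
)

// securityHeaders is a hypothetical middleware; only "nosniff" is quoted on the page, other values are assumed.
func securityHeaders(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("X-Frame-Options", "SAMEORIGIN")
		w.Header().Set("X-Content-Type-Options", "nosniff")
		w.Header().Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
		next.ServeHTTP(w, r)
	})
}

// hstsMaxAge returns the max-age directive in seconds, or -1 when it is absent or not a number.
func hstsMaxAge(v string) int {
	for _, d := range strings.Split(v, ";") {
		name, val, _ := strings.Cut(strings.TrimSpace(d), "=")
		if n, err := strconv.Atoi(strings.Trim(val, "\" ")); err == nil && strings.EqualFold(strings.TrimSpace(name), "max-age") {
			return n
		}
	}
	return -1
}

// audit lists every header from the PR description that is missing or has an ineffective value.
func audit(h http.Header) (findings []string) {
	if v := strings.ToUpper(h.Get("X-Frame-Options")); v != "DENY" && v != "SAMEORIGIN" {
		findings = append(findings, "X-Frame-Options: want DENY or SAMEORIGIN")
	}
	if !strings.EqualFold(h.Get("X-Content-Type-Options"), "nosniff") {
		findings = append(findings, "X-Content-Type-Options: want nosniff")
	}
	if hstsMaxAge(h.Get("Strict-Transport-Security")) <= 0 {
		findings = append(findings, "Strict-Transport-Security: missing or max-age <= 0")
	}
	return findings
}

func main() {
	rec := httptest.NewRecorder()
	// An empty mux (404 for every path) stands in for the application.
	securityHeaders(http.NewServeMux()).ServeHTTP(rec, httptest.NewRequest(http.MethodGet, "/", nil))
	fmt.Println("wrapped:", audit(rec.Header()), "bare:", audit(http.Header{}))
}
```

A `max-age` of 0 is reported as a finding because it tells the browser to drop its stored HSTS policy for the host.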


@klauspost klauspost left a comment

LGTM

cmd/generic-handlers.go (two review threads, outdated and resolved)
sakkiii and others added 2 commits May 13, 2021 21:04
Co-authored-by: Harshavardhana <harsha@minio.io>
comment format fix

Co-authored-by: Harshavardhana <harsha@minio.io>
@minio-trusted

Mint Automation

Test Result
mint-large-bucket.sh ✔️
mint-fs.sh ✔️
mint-gateway-s3.sh ✔️
mint-erasure.sh ✔️
mint-dist-erasure.sh ✔️
mint-zoned.sh ✔️
mint-gateway-nas.sh ✔️
mint-compress-encrypt-dist-erasure.sh ✔️
Deleting image on docker hub
Deleting image locally
