ipn/localapi: set security headers
Change-Id: I028b6ab91229e2f824e5a69856ca9e1844f7486e
Signed-off-by: Andrew Dunham <andrew@du.nham.ca>
andrew-d authored and DentonGentry committed Nov 18, 2022
1 parent c68ba18 commit f99a3e5
Showing 1 changed file with 3 additions and 0 deletions.
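--- a/ipn/localapi/localapi.go
+++ b/ipn/localapi/localapi.go
@@ -135,6 +135,9 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 return
 }
 w.Header().Set("Tailscale-Version", version.Long)
+w.Header().Set("Content-Security-Policy", `default-src 'none'; frame-ancestors 'none'; script-src 'none'; script-src-elem 'none'; script-src-attr 'none'`)
+w.Header().Set("X-Frame-Options", "DENY")
+w.Header().Set("X-Content-Type-Options", "nosniff")
 if h.RequiredPassword != "" {
 _, pass, ok := r.BasicAuth()
 if !ok {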
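Review bot: The three security headers are set only after the early `return` visible at the top of the hunk, so any response written by that earlier branch (it lies outside the hunk, so this is inferred) goes out without the CSP, `X-Frame-Options` or `nosniff`. Moving the three `w.Header().Set(...)` calls up to be the first statements of `ServeHTTP` would cover every response path, including rejections. In the CSP, `script-src`, `script-src-elem` and `script-src-attr` already fall back to `default-src 'none'`, so if they are listed deliberately as belt-and-braces, a one-line comment such as `// Responses are API data only; forbid browsers from rendering, scripting or framing them.` would record that intent. `ServeHTTP` starts and ends outside the hunk.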
