http: add random security headers
Fixes #1343. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
parent
4fe36c2f3c
commit
11d0129f96
1 changed files with 9 additions and 1 deletions
|
@ -224,7 +224,15 @@ function write(content, src_err)
|
|||
header("Cache-Control", "no-cache")
|
||||
header("Expires", "0")
|
||||
end
|
||||
|
||||
if not context.headers["x-frame-options"] then
|
||||
header("X-Frame-Options", "SAMEORIGIN")
|
||||
end
|
||||
if not context.headers["x-xss-protection"] then
|
||||
header("X-XSS-Protection", "1; mode=block")
|
||||
end
|
||||
if not context.headers["x-content-type-options"] then
|
||||
header("X-Content-Type-Options", "nosniff")
|
||||
end
|
||||
|
||||
context.eoh = true
|
||||
coroutine.yield(3)
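Review bot: The `X-XSS-Protection: 1; mode=block` default added in the second `if` block turns on the legacy browser XSS filter, which current browsers no longer implement and which, in the older browsers that still honour it, has itself been a source of cross-site information leaks; current guidance (e.g. OWASP) is to send `0` or omit the header. I would change that line to `header("X-XSS-Protection", "0")` and rely on output escaping plus a Content-Security-Policy for XSS defence. All three guards index `context.headers` with lowercase names, which only works if `header()` stores names lowercased and the table is already non-nil at this point; neither is visible in this hunk, so a comment such as `-- header() stores names lowercased; only set defaults the handler did not already send` would help the next reader. `write()` begins and ends outside the hunk.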
|
||||
|
|