2018-11-14 10:18:03 +01:00
|
|
|
package responsemodifiers
|
2017-06-12 18:48:21 -06:00
|
|
|
|
|
|
|
import (
|
2018-11-14 10:18:03 +01:00
|
|
|
"net/http"
|
|
|
|
|
|
|
|
"github.com/containous/traefik/config"
|
2017-06-12 18:48:21 -06:00
|
|
|
"github.com/unrolled/secure"
|
|
|
|
)
|
|
|
|
|
2018-11-14 10:18:03 +01:00
|
|
|
func buildHeaders(headers *config.Headers) func(*http.Response) error {
|
2017-06-12 18:48:21 -06:00
|
|
|
opt := secure.Options{
|
2018-11-14 10:18:03 +01:00
|
|
|
BrowserXssFilter: headers.BrowserXSSFilter,
|
|
|
|
ContentTypeNosniff: headers.ContentTypeNosniff,
|
|
|
|
ForceSTSHeader: headers.ForceSTSHeader,
|
|
|
|
FrameDeny: headers.FrameDeny,
|
|
|
|
IsDevelopment: headers.IsDevelopment,
|
2017-06-12 18:48:21 -06:00
|
|
|
SSLRedirect: headers.SSLRedirect,
|
2018-11-14 10:18:03 +01:00
|
|
|
SSLForceHost: headers.SSLForceHost,
|
2017-06-12 18:48:21 -06:00
|
|
|
SSLTemporaryRedirect: headers.SSLTemporaryRedirect,
|
|
|
|
STSIncludeSubdomains: headers.STSIncludeSubdomains,
|
|
|
|
STSPreload: headers.STSPreload,
|
|
|
|
ContentSecurityPolicy: headers.ContentSecurityPolicy,
|
2018-11-14 10:18:03 +01:00
|
|
|
CustomBrowserXssValue: headers.CustomBrowserXSSValue,
|
|
|
|
CustomFrameOptionsValue: headers.CustomFrameOptionsValue,
|
2017-06-12 18:48:21 -06:00
|
|
|
PublicKey: headers.PublicKey,
|
|
|
|
ReferrerPolicy: headers.ReferrerPolicy,
|
2018-11-14 10:18:03 +01:00
|
|
|
SSLHost: headers.SSLHost,
|
|
|
|
AllowedHosts: headers.AllowedHosts,
|
|
|
|
HostsProxyHeaders: headers.HostsProxyHeaders,
|
|
|
|
SSLProxyHeaders: headers.SSLProxyHeaders,
|
|
|
|
STSSeconds: headers.STSSeconds,
|
|
|
|
}
|
|
|
|
|
|
|
|
return func(resp *http.Response) error {
|
|
|
|
if headers.HasCustomHeadersDefined() {
|
|
|
|
// Loop through Custom response headers
|
|
|
|
for header, value := range headers.CustomResponseHeaders {
|
|
|
|
if value == "" {
|
|
|
|
resp.Header.Del(header)
|
|
|
|
} else {
|
|
|
|
resp.Header.Set(header, value)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if headers.HasSecureHeadersDefined() {
|
|
|
|
err := secure.New(opt).ModifyResponseHeaders(resp)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
2017-06-12 18:48:21 -06:00
|
|
|
}
|
|
|
|
}
|