New option in secure middleware
This commit is contained in:
Michael
Traefiker Bot
parent
c77fe6b434
commit
1f6f8d5e0f
40 changed files with 91 additions and 0 deletions
|
|
@ -183,6 +183,7 @@ var _templatesConsul_catalogTmpl = []byte(`[backends]
|
|||
CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}"
|
||||
ContentTypeNosniff = {{ $headers.ContentTypeNosniff }}
|
||||
BrowserXSSFilter = {{ $headers.BrowserXSSFilter }}
|
||||
CustomBrowserXSSValue = "{{ $headers.CustomBrowserXSSValue }}"
|
||||
ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}"
|
||||
PublicKey = "{{ $headers.PublicKey }}"
|
||||
ReferrerPolicy = "{{ $headers.ReferrerPolicy }}"
|
||||
|
|
@ -387,6 +388,7 @@ var _templatesDockerTmpl = []byte(`{{$backendServers := .Servers}}
|
|||
CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}"
|
||||
ContentTypeNosniff = {{ $headers.ContentTypeNosniff }}
|
||||
BrowserXSSFilter = {{ $headers.BrowserXSSFilter }}
|
||||
CustomBrowserXSSValue = "{{ $headers.CustomBrowserXSSValue }}"
|
||||
ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}"
|
||||
PublicKey = "{{ $headers.PublicKey }}"
|
||||
ReferrerPolicy = "{{ $headers.ReferrerPolicy }}"
|
||||
|
|
@ -503,6 +505,7 @@ var _templatesDockerTmpl = []byte(`{{$backendServers := .Servers}}
|
|||
CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}"
|
||||
ContentTypeNosniff = {{ $headers.ContentTypeNosniff }}
|
||||
BrowserXSSFilter = {{ $headers.BrowserXSSFilter }}
|
||||
CustomBrowserXSSValue = "{{ $headers.CustomBrowserXSSValue }}"
|
||||
ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}"
|
||||
PublicKey = "{{ $headers.PublicKey }}"
|
||||
ReferrerPolicy = "{{ $headers.ReferrerPolicy }}"
|
||||
|
|
@ -694,6 +697,7 @@ var _templatesEcsTmpl = []byte(`[backends]
|
|||
CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}"
|
||||
ContentTypeNosniff = {{ $headers.ContentTypeNosniff }}
|
||||
BrowserXSSFilter = {{ $headers.BrowserXSSFilter }}
|
||||
CustomBrowserXSSValue = "{{ $headers.CustomBrowserXSSValue }}"
|
||||
ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}"
|
||||
PublicKey = "{{ $headers.PublicKey }}"
|
||||
ReferrerPolicy = "{{ $headers.ReferrerPolicy }}"
|
||||
|
|
@ -901,6 +905,7 @@ var _templatesKubernetesTmpl = []byte(`[backends]
|
|||
CustomFrameOptionsValue = "{{ $frontend.Headers.CustomFrameOptionsValue }}"
|
||||
ContentTypeNosniff = {{ $frontend.Headers.ContentTypeNosniff }}
|
||||
BrowserXSSFilter = {{ $frontend.Headers.BrowserXSSFilter }}
|
||||
CustomBrowserXSSValue = "{{ $frontend.Headers.CustomBrowserXSSValue }}"
|
||||
ContentSecurityPolicy = "{{ $frontend.Headers.ContentSecurityPolicy }}"
|
||||
PublicKey = "{{ $frontend.Headers.PublicKey }}"
|
||||
ReferrerPolicy = "{{ $frontend.Headers.ReferrerPolicy }}"
|
||||
|
|
@ -1096,6 +1101,7 @@ var _templatesKvTmpl = []byte(`[backends]
|
|||
CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}"
|
||||
ContentTypeNosniff = {{ $headers.ContentTypeNosniff }}
|
||||
BrowserXSSFilter = {{ $headers.BrowserXSSFilter }}
|
||||
CustomBrowserXSSValue = "{{ $headers.CustomBrowserXSSValue }}"
|
||||
ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}"
|
||||
PublicKey = "{{ $headers.PublicKey }}"
|
||||
ReferrerPolicy = "{{ $headers.ReferrerPolicy }}"
|
||||
|
|
@ -1306,6 +1312,7 @@ var _templatesMarathonTmpl = []byte(`{{ $apps := .Applications }}
|
|||
CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}"
|
||||
ContentTypeNosniff = {{ $headers.ContentTypeNosniff }}
|
||||
BrowserXSSFilter = {{ $headers.BrowserXSSFilter }}
|
||||
CustomBrowserXSSValue = "{{ $headers.CustomBrowserXSSValue }}"
|
||||
ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}"
|
||||
PublicKey = "{{ $headers.PublicKey }}"
|
||||
ReferrerPolicy = "{{ $headers.ReferrerPolicy }}"
|
||||
|
|
@ -1498,6 +1505,7 @@ var _templatesMesosTmpl = []byte(`[backends]
|
|||
CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}"
|
||||
ContentTypeNosniff = {{ $headers.ContentTypeNosniff }}
|
||||
BrowserXSSFilter = {{ $headers.BrowserXSSFilter }}
|
||||
CustomBrowserXSSValue = "{{ $headers.CustomBrowserXSSValue }}"
|
||||
ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}"
|
||||
PublicKey = "{{ $headers.PublicKey }}"
|
||||
ReferrerPolicy = "{{ $headers.ReferrerPolicy }}"
|
||||
|
|
@ -1711,6 +1719,7 @@ var _templatesRancherTmpl = []byte(`{{ $backendServers := .Backends }}
|
|||
CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}"
|
||||
ContentTypeNosniff = {{ $headers.ContentTypeNosniff }}
|
||||
BrowserXSSFilter = {{ $headers.BrowserXSSFilter }}
|
||||
CustomBrowserXSSValue = "{{ $headers.CustomBrowserXSSValue }}"
|
||||
ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}"
|
||||
PublicKey = "{{ $headers.PublicKey }}"
|
||||
ReferrerPolicy = "{{ $headers.ReferrerPolicy }}"
|
||||
|
|
|
|||
|
|
@ -143,6 +143,7 @@ Additional settings can be defined using Consul Catalog tags.
|
|||
| `<prefix>.frontend.headers.customFrameOptionsValue=VALUE` | Overrides the `X-Frame-Options` header with the custom value. |
|
||||
| `<prefix>.frontend.headers.contentTypeNosniff=true` | Adds the `X-Content-Type-Options` header with the value `nosniff`. |
|
||||
| `<prefix>.frontend.headers.browserXSSFilter=true` | Adds the X-XSS-Protection header with the value `1; mode=block`. |
|
||||
| `<prefix>.frontend.headers.customBrowserXSSValue=VALUE` | Set custom value for X-XSS-Protection header. This overrides the BrowserXssFilter option. |
|
||||
| `<prefix>.frontend.headers.contentSecurityPolicy=VALUE` | Adds CSP Header with the custom value. |
|
||||
| `<prefix>.frontend.headers.publicKey=VALUE` | Adds pinned HTST public key header. |
|
||||
| `<prefix>.frontend.headers.referrerPolicy=VALUE` | Adds referrer policy header. |
|
||||
|
|
|
|||
|
|
@ -231,6 +231,7 @@ Labels can be used on containers to override default behaviour.
|
|||
| `traefik.frontend.headers.customFrameOptionsValue=VALUE` | Overrides the `X-Frame-Options` header with the custom value. |
|
||||
| `traefik.frontend.headers.contentTypeNosniff=true` | Adds the `X-Content-Type-Options` header with the value `nosniff`. |
|
||||
| `traefik.frontend.headers.browserXSSFilter=true` | Adds the X-XSS-Protection header with the value `1; mode=block`. |
|
||||
| `traefik.frontend.headers.customBrowserXSSValue=VALUE` | Set custom value for X-XSS-Protection header. This overrides the BrowserXssFilter option. |
|
||||
| `traefik.frontend.headers.contentSecurityPolicy=VALUE` | Adds CSP Header with the custom value. |
|
||||
| `traefik.frontend.headers.publicKey=VALUE` | Adds pinned HTST public key header. |
|
||||
| `traefik.frontend.headers.referrerPolicy=VALUE` | Adds referrer policy header. |
|
||||
|
|
@ -290,6 +291,7 @@ Services labels can be used for overriding default behaviour
|
|||
| `traefik.<service-name>.frontend.headers.customFrameOptionsValue=VALUE` | Overrides the `X-Frame-Options` header with the custom value. |
|
||||
| `traefik.<service-name>.frontend.headers.contentTypeNosniff=true` | Adds the `X-Content-Type-Options` header with the value `nosniff`. |
|
||||
| `traefik.<service-name>.frontend.headers.browserXSSFilter=true` | Adds the X-XSS-Protection header with the value `1; mode=block`. |
|
||||
| `traefik.<service-name>.frontend.headers.customBrowserXSSValue=VALUE` | Set custom value for X-XSS-Protection header. This overrides the BrowserXssFilter option. |
|
||||
| `traefik.<service-name>.frontend.headers.contentSecurityPolicy=VALUE` | Adds CSP Header with the custom value. |
|
||||
| `traefik.<service-name>.frontend.headers.publicKey=VALUE` | Adds pinned HTST public key header. |
|
||||
| `traefik.<service-name>.frontend.headers.referrerPolicy=VALUE` | Adds referrer policy header. |
|
||||
|
|
|
|||
|
|
@ -191,6 +191,7 @@ Labels can be used on task containers to override default behaviour:
|
|||
| `traefik.frontend.headers.customFrameOptionsValue=VALUE` | Overrides the `X-Frame-Options` header with the custom value. |
|
||||
| `traefik.frontend.headers.contentTypeNosniff=true` | Adds the `X-Content-Type-Options` header with the value `nosniff`. |
|
||||
| `traefik.frontend.headers.browserXSSFilter=true` | Adds the X-XSS-Protection header with the value `1; mode=block`. |
|
||||
| `traefik.frontend.headers.customBrowserXSSValue=VALUE` | Set custom value for X-XSS-Protection header. This overrides the BrowserXssFilter option. |
|
||||
| `traefik.frontend.headers.contentSecurityPolicy=VALUE` | Adds CSP Header with the custom value. |
|
||||
| `traefik.frontend.headers.publicKey=VALUE` | Adds pinned HTST public key header. |
|
||||
| `traefik.frontend.headers.referrerPolicy=VALUE` | Adds referrer policy header. |
|
||||
|
|
|
|||
|
|
@ -220,6 +220,7 @@ The following security annotations are applicable on the Ingress object:
|
|||
| `ingress.kubernetes.io/custom-frame-options-value: VALUE` | Overrides the `X-Frame-Options` header with the custom value. |
|
||||
| `ingress.kubernetes.io/content-type-nosniff: "true"` | Adds the `X-Content-Type-Options` header with the value `nosniff`. |
|
||||
| `ingress.kubernetes.io/browser-xss-filter: "true"` | Adds the X-XSS-Protection header with the value `1; mode=block`. |
|
||||
| `ingress.kubernetes.io/custom-browser-xss-value: VALUE` | Set custom value for X-XSS-Protection header. This overrides the BrowserXssFilter option. |
|
||||
| `ingress.kubernetes.io/content-security-policy: VALUE` | Adds CSP Header with the custom value. |
|
||||
| `ingress.kubernetes.io/public-key: VALUE` | Adds pinned HTST public key header. |
|
||||
| `ingress.kubernetes.io/referrer-policy: VALUE` | Adds referrer policy header. |
|
||||
|
|
|
|||
|
|
@ -229,6 +229,7 @@ The following labels can be defined on Marathon applications. They adjust the be
|
|||
| `traefik.frontend.headers.customFrameOptionsValue=VALUE` | Overrides the `X-Frame-Options` header with the custom value. |
|
||||
| `traefik.frontend.headers.contentTypeNosniff=true` | Adds the `X-Content-Type-Options` header with the value `nosniff`. |
|
||||
| `traefik.frontend.headers.browserXSSFilter=true` | Adds the X-XSS-Protection header with the value `1; mode=block`. |
|
||||
| `traefik.frontend.headers.customBrowserXSSValue=VALUE` | Set custom value for X-XSS-Protection header. This overrides the BrowserXssFilter option. |
|
||||
| `traefik.frontend.headers.contentSecurityPolicy=VALUE` | Adds CSP Header with the custom value. |
|
||||
| `traefik.frontend.headers.publicKey=VALUE` | Adds pinned HTST public key header. |
|
||||
| `traefik.frontend.headers.referrerPolicy=VALUE` | Adds referrer policy header. |
|
||||
|
|
@ -289,6 +290,7 @@ For applications that expose multiple ports, specific labels can be used to extr
|
|||
| `traefik.<service-name>.frontend.headers.customFrameOptionsValue=VALUE` | Overrides the `X-Frame-Options` header with the custom value. |
|
||||
| `traefik.<service-name>.frontend.headers.contentTypeNosniff=true` | Adds the `X-Content-Type-Options` header with the value `nosniff`. |
|
||||
| `traefik.<service-name>.frontend.headers.browserXSSFilter=true` | Adds the X-XSS-Protection header with the value `1; mode=block`. |
|
||||
| `traefik.<service-name>.frontend.headers.customBrowserXSSValue=VALUE` | Set custom value for X-XSS-Protection header. This overrides the BrowserXssFilter option. |
|
||||
| `traefik.<service-name>.frontend.headers.contentSecurityPolicy=VALUE` | Adds CSP Header with the custom value. |
|
||||
| `traefik.<service-name>.frontend.headers.publicKey=VALUE` | Adds pinned HTST public key header. |
|
||||
| `traefik.<service-name>.frontend.headers.referrerPolicy=VALUE` | Adds referrer policy header. |
|
||||
|
|
|
|||
|
|
@ -163,6 +163,7 @@ The following labels can be defined on Mesos tasks. They adjust the behaviour fo
|
|||
| `traefik.frontend.headers.customFrameOptionsValue=VALUE` | Overrides the `X-Frame-Options` header with the custom value. |
|
||||
| `traefik.frontend.headers.contentTypeNosniff=true` | Adds the `X-Content-Type-Options` header with the value `nosniff`. |
|
||||
| `traefik.frontend.headers.browserXSSFilter=true` | Adds the X-XSS-Protection header with the value `1; mode=block`. |
|
||||
| `traefik.frontend.headers.customBrowserXSSValue=VALUE` | Set custom value for X-XSS-Protection header. This overrides the BrowserXssFilter option. |
|
||||
| `traefik.frontend.headers.contentSecurityPolicy=VALUE` | Adds CSP Header with the custom value. |
|
||||
| `traefik.frontend.headers.publicKey=VALUE` | Adds pinned HTST public key header. |
|
||||
| `traefik.frontend.headers.referrerPolicy=VALUE` | Adds referrer policy header. |
|
||||
|
|
|
|||
|
|
@ -187,6 +187,7 @@ Labels can be used on task containers to override default behaviour:
|
|||
| `traefik.frontend.headers.customFrameOptionsValue=VALUE` | Overrides the `X-Frame-Options` header with the custom value. |
|
||||
| `traefik.frontend.headers.contentTypeNosniff=true` | Adds the `X-Content-Type-Options` header with the value `nosniff`. |
|
||||
| `traefik.frontend.headers.browserXSSFilter=true` | Adds the X-XSS-Protection header with the value `1; mode=block`. |
|
||||
| `traefik.frontend.headers.customBrowserXSSValue=VALUE` | Set custom value for X-XSS-Protection header. This overrides the BrowserXssFilter option. |
|
||||
| `traefik.frontend.headers.contentSecurityPolicy=VALUE` | Adds CSP Header with the custom value. |
|
||||
| `traefik.frontend.headers.publicKey=VALUE` | Adds pinned HTST public key header. |
|
||||
| `traefik.frontend.headers.referrerPolicy=VALUE` | Adds referrer policy header. |
|
||||
|
|
|
|||
|
|
@ -26,6 +26,7 @@ func NewSecure(headers *types.Headers) *secure.Secure {
|
|||
CustomFrameOptionsValue: headers.CustomFrameOptionsValue,
|
||||
ContentTypeNosniff: headers.ContentTypeNosniff,
|
||||
BrowserXssFilter: headers.BrowserXSSFilter,
|
||||
CustomBrowserXssValue: headers.CustomBrowserXSSValue,
|
||||
ContentSecurityPolicy: headers.ContentSecurityPolicy,
|
||||
PublicKey: headers.PublicKey,
|
||||
ReferrerPolicy: headers.ReferrerPolicy,
|
||||
|
|
|
|||
|
|
@ -368,6 +368,7 @@ func (p *Provider) getHeaders(tags []string) *types.Headers {
|
|||
ContentSecurityPolicy: p.getAttribute(label.SuffixFrontendHeadersContentSecurityPolicy, tags, ""),
|
||||
PublicKey: p.getAttribute(label.SuffixFrontendHeadersPublicKey, tags, ""),
|
||||
ReferrerPolicy: p.getAttribute(label.SuffixFrontendHeadersReferrerPolicy, tags, ""),
|
||||
CustomBrowserXSSValue: p.getAttribute(label.SuffixFrontendHeadersCustomBrowserXSSValue, tags, ""),
|
||||
STSSeconds: p.getInt64Attribute(label.SuffixFrontendHeadersSTSSeconds, tags, 0),
|
||||
SSLRedirect: p.getBoolAttribute(label.SuffixFrontendHeadersSSLRedirect, tags, false),
|
||||
SSLTemporaryRedirect: p.getBoolAttribute(label.SuffixFrontendHeadersSSLTemporaryRedirect, tags, false),
|
||||
|
|
|
|||
|
|
@ -1268,6 +1268,7 @@ func TestProviderGetHeaders(t *testing.T) {
|
|||
label.TraefikFrontendContentSecurityPolicy + "=foo",
|
||||
label.TraefikFrontendPublicKey + "=foo",
|
||||
label.TraefikFrontendReferrerPolicy + "=foo",
|
||||
label.TraefikFrontendCustomBrowserXSSValue + "=foo",
|
||||
label.TraefikFrontendSTSSeconds + "=666",
|
||||
label.TraefikFrontendSSLRedirect + "=true",
|
||||
label.TraefikFrontendSSLTemporaryRedirect + "=true",
|
||||
|
|
@ -1299,6 +1300,7 @@ func TestProviderGetHeaders(t *testing.T) {
|
|||
ContentSecurityPolicy: "foo",
|
||||
PublicKey: "foo",
|
||||
ReferrerPolicy: "foo",
|
||||
CustomBrowserXSSValue: "foo",
|
||||
STSSeconds: 666,
|
||||
SSLRedirect: true,
|
||||
SSLTemporaryRedirect: true,
|
||||
|
|
|
|||
|
|
@ -292,6 +292,7 @@ func getHeaders(container dockerData) *types.Headers {
|
|||
ContentSecurityPolicy: label.GetStringValue(container.Labels, label.TraefikFrontendContentSecurityPolicy, ""),
|
||||
PublicKey: label.GetStringValue(container.Labels, label.TraefikFrontendPublicKey, ""),
|
||||
ReferrerPolicy: label.GetStringValue(container.Labels, label.TraefikFrontendReferrerPolicy, ""),
|
||||
CustomBrowserXSSValue: label.GetStringValue(container.Labels, label.TraefikFrontendCustomBrowserXSSValue, ""),
|
||||
}
|
||||
|
||||
if !headers.HasSecureHeadersDefined() && !headers.HasCustomHeadersDefined() {
|
||||
|
|
|
|||
|
|
@ -136,6 +136,7 @@ func TestDockerBuildConfiguration(t *testing.T) {
|
|||
label.TraefikFrontendContentSecurityPolicy: "foo",
|
||||
label.TraefikFrontendPublicKey: "foo",
|
||||
label.TraefikFrontendReferrerPolicy: "foo",
|
||||
label.TraefikFrontendCustomBrowserXSSValue: "foo",
|
||||
label.TraefikFrontendSTSSeconds: "666",
|
||||
label.TraefikFrontendSSLRedirect: "true",
|
||||
label.TraefikFrontendSSLTemporaryRedirect: "true",
|
||||
|
|
@ -224,6 +225,7 @@ func TestDockerBuildConfiguration(t *testing.T) {
|
|||
CustomFrameOptionsValue: "foo",
|
||||
ContentTypeNosniff: true,
|
||||
BrowserXSSFilter: true,
|
||||
CustomBrowserXSSValue: "foo",
|
||||
ContentSecurityPolicy: "foo",
|
||||
PublicKey: "foo",
|
||||
ReferrerPolicy: "foo",
|
||||
|
|
@ -1541,6 +1543,7 @@ func TestDockerGetHeaders(t *testing.T) {
|
|||
label.TraefikFrontendContentSecurityPolicy: "foo",
|
||||
label.TraefikFrontendPublicKey: "foo",
|
||||
label.TraefikFrontendReferrerPolicy: "foo",
|
||||
label.TraefikFrontendCustomBrowserXSSValue: "foo",
|
||||
label.TraefikFrontendSTSSeconds: "666",
|
||||
label.TraefikFrontendSSLRedirect: "true",
|
||||
label.TraefikFrontendSSLTemporaryRedirect: "true",
|
||||
|
|
@ -1573,6 +1576,7 @@ func TestDockerGetHeaders(t *testing.T) {
|
|||
ContentSecurityPolicy: "foo",
|
||||
PublicKey: "foo",
|
||||
ReferrerPolicy: "foo",
|
||||
CustomBrowserXSSValue: "foo",
|
||||
STSSeconds: 666,
|
||||
SSLRedirect: true,
|
||||
SSLTemporaryRedirect: true,
|
||||
|
|
|
|||
|
|
@ -143,6 +143,7 @@ func TestSwarmBuildConfiguration(t *testing.T) {
|
|||
label.TraefikFrontendContentSecurityPolicy: "foo",
|
||||
label.TraefikFrontendPublicKey: "foo",
|
||||
label.TraefikFrontendReferrerPolicy: "foo",
|
||||
label.TraefikFrontendCustomBrowserXSSValue: "foo",
|
||||
label.TraefikFrontendSTSSeconds: "666",
|
||||
label.TraefikFrontendSSLRedirect: "true",
|
||||
label.TraefikFrontendSSLTemporaryRedirect: "true",
|
||||
|
|
@ -229,6 +230,7 @@ func TestSwarmBuildConfiguration(t *testing.T) {
|
|||
CustomFrameOptionsValue: "foo",
|
||||
ContentTypeNosniff: true,
|
||||
BrowserXSSFilter: true,
|
||||
CustomBrowserXSSValue: "foo",
|
||||
ContentSecurityPolicy: "foo",
|
||||
PublicKey: "foo",
|
||||
ReferrerPolicy: "foo",
|
||||
|
|
|
|||
|
|
@ -169,6 +169,7 @@ func getServiceHeaders(container dockerData, serviceName string) *types.Headers
|
|||
ContentSecurityPolicy: getServiceStringValue(container, serviceLabels, label.SuffixFrontendHeadersContentSecurityPolicy, ""),
|
||||
PublicKey: getServiceStringValue(container, serviceLabels, label.SuffixFrontendHeadersPublicKey, ""),
|
||||
ReferrerPolicy: getServiceStringValue(container, serviceLabels, label.SuffixFrontendHeadersReferrerPolicy, ""),
|
||||
CustomBrowserXSSValue: getServiceStringValue(container, serviceLabels, label.SuffixFrontendHeadersCustomBrowserXSSValue, ""),
|
||||
}
|
||||
|
||||
if !headers.HasSecureHeadersDefined() && !headers.HasCustomHeadersDefined() {
|
||||
|
|
|
|||
|
|
@ -99,6 +99,7 @@ func TestDockerServiceBuildConfiguration(t *testing.T) {
|
|||
label.Prefix + "service." + label.SuffixFrontendHeadersContentSecurityPolicy: "foo",
|
||||
label.Prefix + "service." + label.SuffixFrontendHeadersPublicKey: "foo",
|
||||
label.Prefix + "service." + label.SuffixFrontendHeadersReferrerPolicy: "foo",
|
||||
label.Prefix + "service." + label.SuffixFrontendHeadersCustomBrowserXSSValue: "foo",
|
||||
label.Prefix + "service." + label.SuffixFrontendHeadersSTSSeconds: "666",
|
||||
label.Prefix + "service." + label.SuffixFrontendHeadersSSLRedirect: "true",
|
||||
label.Prefix + "service." + label.SuffixFrontendHeadersSSLTemporaryRedirect: "true",
|
||||
|
|
@ -182,6 +183,7 @@ func TestDockerServiceBuildConfiguration(t *testing.T) {
|
|||
CustomFrameOptionsValue: "foo",
|
||||
ContentTypeNosniff: true,
|
||||
BrowserXSSFilter: true,
|
||||
CustomBrowserXSSValue: "foo",
|
||||
ContentSecurityPolicy: "foo",
|
||||
PublicKey: "foo",
|
||||
ReferrerPolicy: "foo",
|
||||
|
|
@ -1118,6 +1120,7 @@ func TestDockerGetServiceHeaders(t *testing.T) {
|
|||
label.Prefix + service + "." + label.SuffixFrontendHeadersContentSecurityPolicy: "foo",
|
||||
label.Prefix + service + "." + label.SuffixFrontendHeadersPublicKey: "foo",
|
||||
label.Prefix + service + "." + label.SuffixFrontendHeadersReferrerPolicy: "foo",
|
||||
label.Prefix + service + "." + label.SuffixFrontendHeadersCustomBrowserXSSValue: "foo",
|
||||
label.Prefix + service + "." + label.SuffixFrontendHeadersSTSSeconds: "666",
|
||||
label.Prefix + service + "." + label.SuffixFrontendHeadersSSLRedirect: "true",
|
||||
label.Prefix + service + "." + label.SuffixFrontendHeadersSSLTemporaryRedirect: "true",
|
||||
|
|
@ -1150,6 +1153,7 @@ func TestDockerGetServiceHeaders(t *testing.T) {
|
|||
ContentSecurityPolicy: "foo",
|
||||
PublicKey: "foo",
|
||||
ReferrerPolicy: "foo",
|
||||
CustomBrowserXSSValue: "foo",
|
||||
STSSeconds: 666,
|
||||
SSLRedirect: true,
|
||||
SSLTemporaryRedirect: true,
|
||||
|
|
@ -1177,6 +1181,7 @@ func TestDockerGetServiceHeaders(t *testing.T) {
|
|||
label.TraefikFrontendContentSecurityPolicy: "foo",
|
||||
label.TraefikFrontendPublicKey: "foo",
|
||||
label.TraefikFrontendReferrerPolicy: "foo",
|
||||
label.TraefikFrontendCustomBrowserXSSValue: "foo",
|
||||
label.TraefikFrontendSTSSeconds: "666",
|
||||
label.TraefikFrontendSSLRedirect: "true",
|
||||
label.TraefikFrontendSSLTemporaryRedirect: "true",
|
||||
|
|
@ -1209,6 +1214,7 @@ func TestDockerGetServiceHeaders(t *testing.T) {
|
|||
ContentSecurityPolicy: "foo",
|
||||
PublicKey: "foo",
|
||||
ReferrerPolicy: "foo",
|
||||
CustomBrowserXSSValue: "foo",
|
||||
STSSeconds: 666,
|
||||
SSLRedirect: true,
|
||||
SSLTemporaryRedirect: true,
|
||||
|
|
|
|||
|
|
@ -281,6 +281,7 @@ func getHeaders(instance ecsInstance) *types.Headers {
|
|||
ContentSecurityPolicy: getStringValue(instance, label.TraefikFrontendContentSecurityPolicy, ""),
|
||||
PublicKey: getStringValue(instance, label.TraefikFrontendPublicKey, ""),
|
||||
ReferrerPolicy: getStringValue(instance, label.TraefikFrontendReferrerPolicy, ""),
|
||||
CustomBrowserXSSValue: getStringValue(instance, label.TraefikFrontendCustomBrowserXSSValue, ""),
|
||||
}
|
||||
|
||||
if !headers.HasSecureHeadersDefined() && !headers.HasCustomHeadersDefined() {
|
||||
|
|
|
|||
|
|
@ -164,6 +164,7 @@ func TestBuildConfiguration(t *testing.T) {
|
|||
label.TraefikFrontendContentSecurityPolicy: aws.String("foo"),
|
||||
label.TraefikFrontendPublicKey: aws.String("foo"),
|
||||
label.TraefikFrontendReferrerPolicy: aws.String("foo"),
|
||||
label.TraefikFrontendCustomBrowserXSSValue: aws.String("foo"),
|
||||
label.TraefikFrontendSTSSeconds: aws.String("666"),
|
||||
label.TraefikFrontendSSLRedirect: aws.String("true"),
|
||||
label.TraefikFrontendSSLTemporaryRedirect: aws.String("true"),
|
||||
|
|
@ -293,6 +294,7 @@ func TestBuildConfiguration(t *testing.T) {
|
|||
CustomFrameOptionsValue: "foo",
|
||||
ContentTypeNosniff: true,
|
||||
BrowserXSSFilter: true,
|
||||
CustomBrowserXSSValue: "foo",
|
||||
ContentSecurityPolicy: "foo",
|
||||
PublicKey: "foo",
|
||||
ReferrerPolicy: "foo",
|
||||
|
|
@ -1394,6 +1396,7 @@ func TestGetHeaders(t *testing.T) {
|
|||
label.TraefikFrontendContentSecurityPolicy: aws.String("foo"),
|
||||
label.TraefikFrontendPublicKey: aws.String("foo"),
|
||||
label.TraefikFrontendReferrerPolicy: aws.String("foo"),
|
||||
label.TraefikFrontendCustomBrowserXSSValue: aws.String("foo"),
|
||||
label.TraefikFrontendSTSSeconds: aws.String("666"),
|
||||
label.TraefikFrontendSSLRedirect: aws.String("true"),
|
||||
label.TraefikFrontendSSLTemporaryRedirect: aws.String("true"),
|
||||
|
|
@ -1427,6 +1430,7 @@ func TestGetHeaders(t *testing.T) {
|
|||
ContentSecurityPolicy: "foo",
|
||||
PublicKey: "foo",
|
||||
ReferrerPolicy: "foo",
|
||||
CustomBrowserXSSValue: "foo",
|
||||
STSSeconds: 666,
|
||||
SSLRedirect: true,
|
||||
SSLTemporaryRedirect: true,
|
||||
|
|
|
|||
|
|
@ -47,6 +47,7 @@ const (
|
|||
annotationKubernetesCustomFrameOptionsValue = "ingress.kubernetes.io/custom-frame-options-value"
|
||||
annotationKubernetesContentTypeNosniff = "ingress.kubernetes.io/content-type-nosniff"
|
||||
annotationKubernetesBrowserXSSFilter = "ingress.kubernetes.io/browser-xss-filter"
|
||||
annotationKubernetesCustomBrowserXSSValue = "ingress.kubernetes.io/custom-browser-xss-value"
|
||||
annotationKubernetesContentSecurityPolicy = "ingress.kubernetes.io/content-security-policy"
|
||||
annotationKubernetesPublicKey = "ingress.kubernetes.io/public-key"
|
||||
annotationKubernetesReferrerPolicy = "ingress.kubernetes.io/referrer-policy"
|
||||
|
|
|
|||
|
|
@ -577,6 +577,7 @@ func getHeader(i *extensionsv1beta1.Ingress) *types.Headers {
|
|||
CustomFrameOptionsValue: getStringValue(i.Annotations, annotationKubernetesCustomFrameOptionsValue, ""),
|
||||
ContentTypeNosniff: getBoolValue(i.Annotations, annotationKubernetesContentTypeNosniff, false),
|
||||
BrowserXSSFilter: getBoolValue(i.Annotations, annotationKubernetesBrowserXSSFilter, false),
|
||||
CustomBrowserXSSValue: getStringValue(i.Annotations, annotationKubernetesCustomBrowserXSSValue, ""),
|
||||
ContentSecurityPolicy: getStringValue(i.Annotations, annotationKubernetesContentSecurityPolicy, ""),
|
||||
PublicKey: getStringValue(i.Annotations, annotationKubernetesPublicKey, ""),
|
||||
ReferrerPolicy: getStringValue(i.Annotations, annotationKubernetesReferrerPolicy, ""),
|
||||
|
|
|
|||
|
|
@ -793,6 +793,7 @@ rateset:
|
|||
iAnnotation(annotationKubernetesFrameDeny, "true"),
|
||||
iAnnotation(annotationKubernetesContentTypeNosniff, "true"),
|
||||
iAnnotation(annotationKubernetesBrowserXSSFilter, "true"),
|
||||
iAnnotation(annotationKubernetesCustomBrowserXSSValue, "foo"),
|
||||
iAnnotation(annotationKubernetesIsDevelopment, "true"),
|
||||
iAnnotation(annotationKubernetesSSLHost, "foo"),
|
||||
iAnnotation(annotationKubernetesCustomFrameOptionsValue, "foo"),
|
||||
|
|
@ -1042,6 +1043,7 @@ rateset:
|
|||
ContentSecurityPolicy: "foo",
|
||||
PublicKey: "foo",
|
||||
ReferrerPolicy: "foo",
|
||||
CustomBrowserXSSValue: "foo",
|
||||
}),
|
||||
routes(
|
||||
route("/customheaders", "PathPrefix:/customheaders"),
|
||||
|
|
|
|||
|
|
@ -61,6 +61,7 @@ const (
|
|||
pathFrontendCustomFrameOptionsValue = "/headers/customframeoptionsvalue"
|
||||
pathFrontendContentTypeNosniff = "/headers/contenttypenosniff"
|
||||
pathFrontendBrowserXSSFilter = "/headers/browserxssfilter"
|
||||
pathFrontendCustomBrowserXSSValue = "/headers/custombrowserxssvalue"
|
||||
pathFrontendContentSecurityPolicy = "/headers/contentsecuritypolicy"
|
||||
pathFrontendPublicKey = "/headers/publickey"
|
||||
pathFrontendReferrerPolicy = "/headers/referrerpolicy"
|
||||
|
|
|
|||
|
|
@ -206,6 +206,7 @@ func (p *Provider) getHeaders(rootPath string) *types.Headers {
|
|||
CustomFrameOptionsValue: p.get("", rootPath, pathFrontendCustomFrameOptionsValue),
|
||||
ContentTypeNosniff: p.getBool(false, rootPath, pathFrontendContentTypeNosniff),
|
||||
BrowserXSSFilter: p.getBool(false, rootPath, pathFrontendBrowserXSSFilter),
|
||||
CustomBrowserXSSValue: p.get("", rootPath, pathFrontendCustomBrowserXSSValue),
|
||||
ContentSecurityPolicy: p.get("", rootPath, pathFrontendContentSecurityPolicy),
|
||||
PublicKey: p.get("", rootPath, pathFrontendPublicKey),
|
||||
ReferrerPolicy: p.get("", rootPath, pathFrontendReferrerPolicy),
|
||||
|
|
|
|||
|
|
@ -119,6 +119,7 @@ func TestProviderBuildConfiguration(t *testing.T) {
|
|||
withPair(pathFrontendContentSecurityPolicy, "foo"),
|
||||
withPair(pathFrontendPublicKey, "foo"),
|
||||
withPair(pathFrontendReferrerPolicy, "foo"),
|
||||
withPair(pathFrontendCustomBrowserXSSValue, "foo"),
|
||||
withPair(pathFrontendSSLRedirect, "true"),
|
||||
withPair(pathFrontendSSLTemporaryRedirect, "true"),
|
||||
withPair(pathFrontendSTSIncludeSubdomains, "true"),
|
||||
|
|
@ -248,6 +249,7 @@ func TestProviderBuildConfiguration(t *testing.T) {
|
|||
ContentSecurityPolicy: "foo",
|
||||
PublicKey: "foo",
|
||||
ReferrerPolicy: "foo",
|
||||
CustomBrowserXSSValue: "foo",
|
||||
SSLRedirect: true,
|
||||
SSLTemporaryRedirect: true,
|
||||
STSIncludeSubdomains: true,
|
||||
|
|
@ -1415,6 +1417,16 @@ func TestProviderGetHeaders(t *testing.T) {
|
|||
BrowserXSSFilter: true,
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "Custom Browser XSS Value",
|
||||
rootPath: "traefik/frontends/foo",
|
||||
kvPairs: filler("traefik",
|
||||
frontend("foo",
|
||||
withPair(pathFrontendCustomBrowserXSSValue, "foo"))),
|
||||
expected: &types.Headers{
|
||||
CustomBrowserXSSValue: "foo",
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "Content Security Policy",
|
||||
rootPath: "traefik/frontends/foo",
|
||||
|
|
|
|||
|
|
@ -51,6 +51,7 @@ const (
|
|||
SuffixFrontendHeadersCustomFrameOptionsValue = SuffixFrontendHeaders + "customFrameOptionsValue"
|
||||
SuffixFrontendHeadersContentTypeNosniff = SuffixFrontendHeaders + "contentTypeNosniff"
|
||||
SuffixFrontendHeadersBrowserXSSFilter = SuffixFrontendHeaders + "browserXSSFilter"
|
||||
SuffixFrontendHeadersCustomBrowserXSSValue = SuffixFrontendHeaders + "customBrowserXSSValue"
|
||||
SuffixFrontendHeadersContentSecurityPolicy = SuffixFrontendHeaders + "contentSecurityPolicy"
|
||||
SuffixFrontendHeadersPublicKey = SuffixFrontendHeaders + "publicKey"
|
||||
SuffixFrontendHeadersReferrerPolicy = SuffixFrontendHeaders + "referrerPolicy"
|
||||
|
|
@ -124,6 +125,7 @@ const (
|
|||
TraefikFrontendCustomFrameOptionsValue = Prefix + SuffixFrontendHeadersCustomFrameOptionsValue
|
||||
TraefikFrontendContentTypeNosniff = Prefix + SuffixFrontendHeadersContentTypeNosniff
|
||||
TraefikFrontendBrowserXSSFilter = Prefix + SuffixFrontendHeadersBrowserXSSFilter
|
||||
TraefikFrontendCustomBrowserXSSValue = Prefix + SuffixFrontendHeadersCustomBrowserXSSValue
|
||||
TraefikFrontendContentSecurityPolicy = Prefix + SuffixFrontendHeadersContentSecurityPolicy
|
||||
TraefikFrontendPublicKey = Prefix + SuffixFrontendHeadersPublicKey
|
||||
TraefikFrontendReferrerPolicy = Prefix + SuffixFrontendHeadersReferrerPolicy
|
||||
|
|
|
|||
|
|
@ -572,6 +572,7 @@ func getHeaders(application marathon.Application, serviceName string) *types.Hea
|
|||
ContentSecurityPolicy: label.GetStringValue(labels, getLabelName(serviceName, label.SuffixFrontendHeadersContentSecurityPolicy), ""),
|
||||
PublicKey: label.GetStringValue(labels, getLabelName(serviceName, label.SuffixFrontendHeadersPublicKey), ""),
|
||||
ReferrerPolicy: label.GetStringValue(labels, getLabelName(serviceName, label.SuffixFrontendHeadersReferrerPolicy), ""),
|
||||
CustomBrowserXSSValue: label.GetStringValue(labels, getLabelName(serviceName, label.SuffixFrontendHeadersCustomBrowserXSSValue), ""),
|
||||
}
|
||||
|
||||
if !headers.HasSecureHeadersDefined() && !headers.HasCustomHeadersDefined() {
|
||||
|
|
|
|||
|
|
@ -218,6 +218,7 @@ func TestBuildConfigurationNonAPIErrors(t *testing.T) {
|
|||
withLabel(label.TraefikFrontendContentSecurityPolicy, "foo"),
|
||||
withLabel(label.TraefikFrontendPublicKey, "foo"),
|
||||
withLabel(label.TraefikFrontendReferrerPolicy, "foo"),
|
||||
withLabel(label.TraefikFrontendCustomBrowserXSSValue, "foo"),
|
||||
withLabel(label.TraefikFrontendSTSSeconds, "666"),
|
||||
withLabel(label.TraefikFrontendSSLRedirect, "true"),
|
||||
withLabel(label.TraefikFrontendSSLTemporaryRedirect, "true"),
|
||||
|
|
@ -304,6 +305,7 @@ func TestBuildConfigurationNonAPIErrors(t *testing.T) {
|
|||
CustomFrameOptionsValue: "foo",
|
||||
ContentTypeNosniff: true,
|
||||
BrowserXSSFilter: true,
|
||||
CustomBrowserXSSValue: "foo",
|
||||
ContentSecurityPolicy: "foo",
|
||||
PublicKey: "foo",
|
||||
ReferrerPolicy: "foo",
|
||||
|
|
@ -540,6 +542,7 @@ func TestBuildConfigurationServicesNonAPIErrors(t *testing.T) {
|
|||
withServiceLabel(label.TraefikFrontendContentSecurityPolicy, "foo", "containous"),
|
||||
withServiceLabel(label.TraefikFrontendPublicKey, "foo", "containous"),
|
||||
withServiceLabel(label.TraefikFrontendReferrerPolicy, "foo", "containous"),
|
||||
withServiceLabel(label.TraefikFrontendCustomBrowserXSSValue, "foo", "containous"),
|
||||
withServiceLabel(label.TraefikFrontendSTSSeconds, "666", "containous"),
|
||||
withServiceLabel(label.TraefikFrontendSSLRedirect, "true", "containous"),
|
||||
withServiceLabel(label.TraefikFrontendSSLTemporaryRedirect, "true", "containous"),
|
||||
|
|
@ -625,6 +628,7 @@ func TestBuildConfigurationServicesNonAPIErrors(t *testing.T) {
|
|||
CustomFrameOptionsValue: "foo",
|
||||
ContentTypeNosniff: true,
|
||||
BrowserXSSFilter: true,
|
||||
CustomBrowserXSSValue: "foo",
|
||||
ContentSecurityPolicy: "foo",
|
||||
PublicKey: "foo",
|
||||
ReferrerPolicy: "foo",
|
||||
|
|
@ -1963,6 +1967,7 @@ func TestGetHeaders(t *testing.T) {
|
|||
withLabel(label.TraefikFrontendContentSecurityPolicy, "foo"),
|
||||
withLabel(label.TraefikFrontendPublicKey, "foo"),
|
||||
withLabel(label.TraefikFrontendReferrerPolicy, "foo"),
|
||||
withLabel(label.TraefikFrontendCustomBrowserXSSValue, "foo"),
|
||||
withLabel(label.TraefikFrontendSTSSeconds, "666"),
|
||||
withLabel(label.TraefikFrontendSSLRedirect, "true"),
|
||||
withLabel(label.TraefikFrontendSSLTemporaryRedirect, "true"),
|
||||
|
|
@ -1994,6 +1999,7 @@ func TestGetHeaders(t *testing.T) {
|
|||
ContentSecurityPolicy: "foo",
|
||||
PublicKey: "foo",
|
||||
ReferrerPolicy: "foo",
|
||||
CustomBrowserXSSValue: "foo",
|
||||
STSSeconds: 666,
|
||||
SSLRedirect: true,
|
||||
SSLTemporaryRedirect: true,
|
||||
|
|
@ -2021,6 +2027,7 @@ func TestGetHeaders(t *testing.T) {
|
|||
withLabel(label.Prefix+"containous."+label.SuffixFrontendHeadersContentSecurityPolicy, "foo"),
|
||||
withLabel(label.Prefix+"containous."+label.SuffixFrontendHeadersPublicKey, "foo"),
|
||||
withLabel(label.Prefix+"containous."+label.SuffixFrontendHeadersReferrerPolicy, "foo"),
|
||||
withLabel(label.Prefix+"containous."+label.SuffixFrontendHeadersCustomBrowserXSSValue, "foo"),
|
||||
withLabel(label.Prefix+"containous."+label.SuffixFrontendHeadersSTSSeconds, "666"),
|
||||
withLabel(label.Prefix+"containous."+label.SuffixFrontendHeadersSSLRedirect, "true"),
|
||||
withLabel(label.Prefix+"containous."+label.SuffixFrontendHeadersSSLTemporaryRedirect, "true"),
|
||||
|
|
@ -2053,6 +2060,7 @@ func TestGetHeaders(t *testing.T) {
|
|||
ContentSecurityPolicy: "foo",
|
||||
PublicKey: "foo",
|
||||
ReferrerPolicy: "foo",
|
||||
CustomBrowserXSSValue: "foo",
|
||||
STSSeconds: 666,
|
||||
SSLRedirect: true,
|
||||
SSLTemporaryRedirect: true,
|
||||
|
|
|
|||
|
|
@ -405,6 +405,7 @@ func getHeaders(task state.Task) *types.Headers {
|
|||
ContentSecurityPolicy: label.GetStringValue(labels, label.TraefikFrontendContentSecurityPolicy, ""),
|
||||
PublicKey: label.GetStringValue(labels, label.TraefikFrontendPublicKey, ""),
|
||||
ReferrerPolicy: label.GetStringValue(labels, label.TraefikFrontendReferrerPolicy, ""),
|
||||
CustomBrowserXSSValue: label.GetStringValue(labels, label.TraefikFrontendCustomBrowserXSSValue, ""),
|
||||
}
|
||||
|
||||
if !headers.HasSecureHeadersDefined() && !headers.HasCustomHeadersDefined() {
|
||||
|
|
|
|||
|
|
@ -160,6 +160,7 @@ func TestBuildConfiguration(t *testing.T) {
|
|||
withLabel(label.TraefikFrontendContentSecurityPolicy, "foo"),
|
||||
withLabel(label.TraefikFrontendPublicKey, "foo"),
|
||||
withLabel(label.TraefikFrontendReferrerPolicy, "foo"),
|
||||
withLabel(label.TraefikFrontendCustomBrowserXSSValue, "foo"),
|
||||
withLabel(label.TraefikFrontendSTSSeconds, "666"),
|
||||
withLabel(label.TraefikFrontendSSLRedirect, "true"),
|
||||
withLabel(label.TraefikFrontendSSLTemporaryRedirect, "true"),
|
||||
|
|
@ -248,6 +249,7 @@ func TestBuildConfiguration(t *testing.T) {
|
|||
CustomFrameOptionsValue: "foo",
|
||||
ContentTypeNosniff: true,
|
||||
BrowserXSSFilter: true,
|
||||
CustomBrowserXSSValue: "foo",
|
||||
ContentSecurityPolicy: "foo",
|
||||
PublicKey: "foo",
|
||||
ReferrerPolicy: "foo",
|
||||
|
|
@ -1213,6 +1215,7 @@ func TestGetHeaders(t *testing.T) {
|
|||
withLabel(label.TraefikFrontendContentSecurityPolicy, "foo"),
|
||||
withLabel(label.TraefikFrontendPublicKey, "foo"),
|
||||
withLabel(label.TraefikFrontendReferrerPolicy, "foo"),
|
||||
withLabel(label.TraefikFrontendCustomBrowserXSSValue, "foo"),
|
||||
withLabel(label.TraefikFrontendSTSSeconds, "666"),
|
||||
withLabel(label.TraefikFrontendSSLRedirect, "true"),
|
||||
withLabel(label.TraefikFrontendSSLTemporaryRedirect, "true"),
|
||||
|
|
@ -1247,6 +1250,7 @@ func TestGetHeaders(t *testing.T) {
|
|||
ContentSecurityPolicy: "foo",
|
||||
PublicKey: "foo",
|
||||
ReferrerPolicy: "foo",
|
||||
CustomBrowserXSSValue: "foo",
|
||||
STSSeconds: 666,
|
||||
SSLRedirect: true,
|
||||
SSLTemporaryRedirect: true,
|
||||
|
|
|
|||
|
|
@ -336,6 +336,7 @@ func getHeaders(service rancherData) *types.Headers {
|
|||
ContentSecurityPolicy: label.GetStringValue(service.Labels, label.TraefikFrontendContentSecurityPolicy, ""),
|
||||
PublicKey: label.GetStringValue(service.Labels, label.TraefikFrontendPublicKey, ""),
|
||||
ReferrerPolicy: label.GetStringValue(service.Labels, label.TraefikFrontendReferrerPolicy, ""),
|
||||
CustomBrowserXSSValue: label.GetStringValue(service.Labels, label.TraefikFrontendCustomBrowserXSSValue, ""),
|
||||
}
|
||||
|
||||
if !headers.HasSecureHeadersDefined() && !headers.HasCustomHeadersDefined() {
|
||||
|
|
|
|||
|
|
@ -78,6 +78,7 @@ func TestProviderBuildConfiguration(t *testing.T) {
|
|||
label.TraefikFrontendContentSecurityPolicy: "foo",
|
||||
label.TraefikFrontendPublicKey: "foo",
|
||||
label.TraefikFrontendReferrerPolicy: "foo",
|
||||
label.TraefikFrontendCustomBrowserXSSValue: "foo",
|
||||
label.TraefikFrontendSTSSeconds: "666",
|
||||
label.TraefikFrontendSSLRedirect: "true",
|
||||
label.TraefikFrontendSSLTemporaryRedirect: "true",
|
||||
|
|
@ -164,6 +165,7 @@ func TestProviderBuildConfiguration(t *testing.T) {
|
|||
CustomFrameOptionsValue: "foo",
|
||||
ContentTypeNosniff: true,
|
||||
BrowserXSSFilter: true,
|
||||
CustomBrowserXSSValue: "foo",
|
||||
ContentSecurityPolicy: "foo",
|
||||
PublicKey: "foo",
|
||||
ReferrerPolicy: "foo",
|
||||
|
|
@ -1209,6 +1211,7 @@ func TestGetHeaders(t *testing.T) {
|
|||
label.TraefikFrontendContentSecurityPolicy: "foo",
|
||||
label.TraefikFrontendPublicKey: "foo",
|
||||
label.TraefikFrontendReferrerPolicy: "foo",
|
||||
label.TraefikFrontendCustomBrowserXSSValue: "foo",
|
||||
label.TraefikFrontendSTSSeconds: "666",
|
||||
label.TraefikFrontendSSLRedirect: "true",
|
||||
label.TraefikFrontendSSLTemporaryRedirect: "true",
|
||||
|
|
@ -1243,6 +1246,7 @@ func TestGetHeaders(t *testing.T) {
|
|||
ContentSecurityPolicy: "foo",
|
||||
PublicKey: "foo",
|
||||
ReferrerPolicy: "foo",
|
||||
CustomBrowserXSSValue: "foo",
|
||||
STSSeconds: 666,
|
||||
SSLRedirect: true,
|
||||
SSLTemporaryRedirect: true,
|
||||
|
|
|
|||
|
|
@ -127,6 +127,7 @@
|
|||
CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}"
|
||||
ContentTypeNosniff = {{ $headers.ContentTypeNosniff }}
|
||||
BrowserXSSFilter = {{ $headers.BrowserXSSFilter }}
|
||||
CustomBrowserXSSValue = "{{ $headers.CustomBrowserXSSValue }}"
|
||||
ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}"
|
||||
PublicKey = "{{ $headers.PublicKey }}"
|
||||
ReferrerPolicy = "{{ $headers.ReferrerPolicy }}"
|
||||
|
|
|
|||
|
|
@ -142,6 +142,7 @@
|
|||
CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}"
|
||||
ContentTypeNosniff = {{ $headers.ContentTypeNosniff }}
|
||||
BrowserXSSFilter = {{ $headers.BrowserXSSFilter }}
|
||||
CustomBrowserXSSValue = "{{ $headers.CustomBrowserXSSValue }}"
|
||||
ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}"
|
||||
PublicKey = "{{ $headers.PublicKey }}"
|
||||
ReferrerPolicy = "{{ $headers.ReferrerPolicy }}"
|
||||
|
|
@ -258,6 +259,7 @@
|
|||
CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}"
|
||||
ContentTypeNosniff = {{ $headers.ContentTypeNosniff }}
|
||||
BrowserXSSFilter = {{ $headers.BrowserXSSFilter }}
|
||||
CustomBrowserXSSValue = "{{ $headers.CustomBrowserXSSValue }}"
|
||||
ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}"
|
||||
PublicKey = "{{ $headers.PublicKey }}"
|
||||
ReferrerPolicy = "{{ $headers.ReferrerPolicy }}"
|
||||
|
|
|
|||
|
|
@ -127,6 +127,7 @@
|
|||
CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}"
|
||||
ContentTypeNosniff = {{ $headers.ContentTypeNosniff }}
|
||||
BrowserXSSFilter = {{ $headers.BrowserXSSFilter }}
|
||||
CustomBrowserXSSValue = "{{ $headers.CustomBrowserXSSValue }}"
|
||||
ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}"
|
||||
PublicKey = "{{ $headers.PublicKey }}"
|
||||
ReferrerPolicy = "{{ $headers.ReferrerPolicy }}"
|
||||
|
|
|
|||
|
|
@ -104,6 +104,7 @@
|
|||
CustomFrameOptionsValue = "{{ $frontend.Headers.CustomFrameOptionsValue }}"
|
||||
ContentTypeNosniff = {{ $frontend.Headers.ContentTypeNosniff }}
|
||||
BrowserXSSFilter = {{ $frontend.Headers.BrowserXSSFilter }}
|
||||
CustomBrowserXSSValue = "{{ $frontend.Headers.CustomBrowserXSSValue }}"
|
||||
ContentSecurityPolicy = "{{ $frontend.Headers.ContentSecurityPolicy }}"
|
||||
PublicKey = "{{ $frontend.Headers.PublicKey }}"
|
||||
ReferrerPolicy = "{{ $frontend.Headers.ReferrerPolicy }}"
|
||||
|
|
|
|||
|
|
@ -126,6 +126,7 @@
|
|||
CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}"
|
||||
ContentTypeNosniff = {{ $headers.ContentTypeNosniff }}
|
||||
BrowserXSSFilter = {{ $headers.BrowserXSSFilter }}
|
||||
CustomBrowserXSSValue = "{{ $headers.CustomBrowserXSSValue }}"
|
||||
ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}"
|
||||
PublicKey = "{{ $headers.PublicKey }}"
|
||||
ReferrerPolicy = "{{ $headers.ReferrerPolicy }}"
|
||||
|
|
|
|||
|
|
@ -133,6 +133,7 @@
|
|||
CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}"
|
||||
ContentTypeNosniff = {{ $headers.ContentTypeNosniff }}
|
||||
BrowserXSSFilter = {{ $headers.BrowserXSSFilter }}
|
||||
CustomBrowserXSSValue = "{{ $headers.CustomBrowserXSSValue }}"
|
||||
ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}"
|
||||
PublicKey = "{{ $headers.PublicKey }}"
|
||||
ReferrerPolicy = "{{ $headers.ReferrerPolicy }}"
|
||||
|
|
|
|||
|
|
@ -129,6 +129,7 @@
|
|||
CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}"
|
||||
ContentTypeNosniff = {{ $headers.ContentTypeNosniff }}
|
||||
BrowserXSSFilter = {{ $headers.BrowserXSSFilter }}
|
||||
CustomBrowserXSSValue = "{{ $headers.CustomBrowserXSSValue }}"
|
||||
ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}"
|
||||
PublicKey = "{{ $headers.PublicKey }}"
|
||||
ReferrerPolicy = "{{ $headers.ReferrerPolicy }}"
|
||||
|
|
|
|||
|
|
@ -127,6 +127,7 @@
|
|||
CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}"
|
||||
ContentTypeNosniff = {{ $headers.ContentTypeNosniff }}
|
||||
BrowserXSSFilter = {{ $headers.BrowserXSSFilter }}
|
||||
CustomBrowserXSSValue = "{{ $headers.CustomBrowserXSSValue }}"
|
||||
ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}"
|
||||
PublicKey = "{{ $headers.PublicKey }}"
|
||||
ReferrerPolicy = "{{ $headers.ReferrerPolicy }}"
|
||||
|
|
|
|||
|
|
@ -127,6 +127,7 @@ type Headers struct {
|
|||
CustomFrameOptionsValue string `json:"customFrameOptionsValue,omitempty"`
|
||||
ContentTypeNosniff bool `json:"contentTypeNosniff,omitempty"`
|
||||
BrowserXSSFilter bool `json:"browserXssFilter,omitempty"`
|
||||
CustomBrowserXSSValue string `json:"customBrowserXSSValue,omitempty"`
|
||||
ContentSecurityPolicy string `json:"contentSecurityPolicy,omitempty"`
|
||||
PublicKey string `json:"publicKey,omitempty"`
|
||||
ReferrerPolicy string `json:"referrerPolicy,omitempty"`
|
||||
|
|
@ -155,6 +156,7 @@ func (h *Headers) HasSecureHeadersDefined() bool {
|
|||
h.CustomFrameOptionsValue != "" ||
|
||||
h.ContentTypeNosniff ||
|
||||
h.BrowserXSSFilter ||
|
||||
h.CustomBrowserXSSValue != "" ||
|
||||
h.ContentSecurityPolicy != "" ||
|
||||
h.PublicKey != "" ||
|
||||
h.ReferrerPolicy != "" ||
|
||||
|
|
|
|||
Loading…
Reference in a new issue