baalajimaestro/traefik
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

New option in secure middleware

Browse source
This commit is contained in:
Michael 2018-03-02 14:24:03 +01:00 committed by Traefiker Bot
parent c77fe6b434
commit 1f6f8d5e0f
40 changed files with 91 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
autogen/gentemplates/gen.go
View file

@ -183,6 +183,7 @@ var _templatesConsul_catalogTmpl = []byte(`[backends]
CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}" CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}"
ContentTypeNosniff = {{ $headers.ContentTypeNosniff }} ContentTypeNosniff = {{ $headers.ContentTypeNosniff }}
BrowserXSSFilter = {{ $headers.BrowserXSSFilter }} BrowserXSSFilter = {{ $headers.BrowserXSSFilter }}
CustomBrowserXSSValue = "{{ $headers.CustomBrowserXSSValue }}"
ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}" ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}"
PublicKey = "{{ $headers.PublicKey }}" PublicKey = "{{ $headers.PublicKey }}"
ReferrerPolicy = "{{ $headers.ReferrerPolicy }}" ReferrerPolicy = "{{ $headers.ReferrerPolicy }}"
@ -387,6 +388,7 @@ var _templatesDockerTmpl = []byte(`{{$backendServers := .Servers}}
CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}" CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}"
ContentTypeNosniff = {{ $headers.ContentTypeNosniff }} ContentTypeNosniff = {{ $headers.ContentTypeNosniff }}
BrowserXSSFilter = {{ $headers.BrowserXSSFilter }} BrowserXSSFilter = {{ $headers.BrowserXSSFilter }}
CustomBrowserXSSValue = "{{ $headers.CustomBrowserXSSValue }}"
ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}" ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}"
PublicKey = "{{ $headers.PublicKey }}" PublicKey = "{{ $headers.PublicKey }}"
ReferrerPolicy = "{{ $headers.ReferrerPolicy }}" ReferrerPolicy = "{{ $headers.ReferrerPolicy }}"
@ -503,6 +505,7 @@ var _templatesDockerTmpl = []byte(`{{$backendServers := .Servers}}
CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}" CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}"
ContentTypeNosniff = {{ $headers.ContentTypeNosniff }} ContentTypeNosniff = {{ $headers.ContentTypeNosniff }}
BrowserXSSFilter = {{ $headers.BrowserXSSFilter }} BrowserXSSFilter = {{ $headers.BrowserXSSFilter }}
CustomBrowserXSSValue = "{{ $headers.CustomBrowserXSSValue }}"
ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}" ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}"
PublicKey = "{{ $headers.PublicKey }}" PublicKey = "{{ $headers.PublicKey }}"
ReferrerPolicy = "{{ $headers.ReferrerPolicy }}" ReferrerPolicy = "{{ $headers.ReferrerPolicy }}"
@ -694,6 +697,7 @@ var _templatesEcsTmpl = []byte(`[backends]
CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}" CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}"
ContentTypeNosniff = {{ $headers.ContentTypeNosniff }} ContentTypeNosniff = {{ $headers.ContentTypeNosniff }}
BrowserXSSFilter = {{ $headers.BrowserXSSFilter }} BrowserXSSFilter = {{ $headers.BrowserXSSFilter }}
CustomBrowserXSSValue = "{{ $headers.CustomBrowserXSSValue }}"
ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}" ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}"
PublicKey = "{{ $headers.PublicKey }}" PublicKey = "{{ $headers.PublicKey }}"
ReferrerPolicy = "{{ $headers.ReferrerPolicy }}" ReferrerPolicy = "{{ $headers.ReferrerPolicy }}"
@ -901,6 +905,7 @@ var _templatesKubernetesTmpl = []byte(`[backends]
CustomFrameOptionsValue = "{{ $frontend.Headers.CustomFrameOptionsValue }}" CustomFrameOptionsValue = "{{ $frontend.Headers.CustomFrameOptionsValue }}"
ContentTypeNosniff = {{ $frontend.Headers.ContentTypeNosniff }} ContentTypeNosniff = {{ $frontend.Headers.ContentTypeNosniff }}
BrowserXSSFilter = {{ $frontend.Headers.BrowserXSSFilter }} BrowserXSSFilter = {{ $frontend.Headers.BrowserXSSFilter }}
CustomBrowserXSSValue = "{{ $frontend.Headers.CustomBrowserXSSValue }}"
ContentSecurityPolicy = "{{ $frontend.Headers.ContentSecurityPolicy }}" ContentSecurityPolicy = "{{ $frontend.Headers.ContentSecurityPolicy }}"
PublicKey = "{{ $frontend.Headers.PublicKey }}" PublicKey = "{{ $frontend.Headers.PublicKey }}"
ReferrerPolicy = "{{ $frontend.Headers.ReferrerPolicy }}" ReferrerPolicy = "{{ $frontend.Headers.ReferrerPolicy }}"
@ -1096,6 +1101,7 @@ var _templatesKvTmpl = []byte(`[backends]
CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}" CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}"
ContentTypeNosniff = {{ $headers.ContentTypeNosniff }} ContentTypeNosniff = {{ $headers.ContentTypeNosniff }}
BrowserXSSFilter = {{ $headers.BrowserXSSFilter }} BrowserXSSFilter = {{ $headers.BrowserXSSFilter }}
CustomBrowserXSSValue = "{{ $headers.CustomBrowserXSSValue }}"
ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}" ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}"
PublicKey = "{{ $headers.PublicKey }}" PublicKey = "{{ $headers.PublicKey }}"
ReferrerPolicy = "{{ $headers.ReferrerPolicy }}" ReferrerPolicy = "{{ $headers.ReferrerPolicy }}"
@ -1306,6 +1312,7 @@ var _templatesMarathonTmpl = []byte(`{{ $apps := .Applications }}
CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}" CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}"
ContentTypeNosniff = {{ $headers.ContentTypeNosniff }} ContentTypeNosniff = {{ $headers.ContentTypeNosniff }}
BrowserXSSFilter = {{ $headers.BrowserXSSFilter }} BrowserXSSFilter = {{ $headers.BrowserXSSFilter }}
CustomBrowserXSSValue = "{{ $headers.CustomBrowserXSSValue }}"
ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}" ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}"
PublicKey = "{{ $headers.PublicKey }}" PublicKey = "{{ $headers.PublicKey }}"
ReferrerPolicy = "{{ $headers.ReferrerPolicy }}" ReferrerPolicy = "{{ $headers.ReferrerPolicy }}"
@ -1498,6 +1505,7 @@ var _templatesMesosTmpl = []byte(`[backends]
CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}" CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}"
ContentTypeNosniff = {{ $headers.ContentTypeNosniff }} ContentTypeNosniff = {{ $headers.ContentTypeNosniff }}
BrowserXSSFilter = {{ $headers.BrowserXSSFilter }} BrowserXSSFilter = {{ $headers.BrowserXSSFilter }}
CustomBrowserXSSValue = "{{ $headers.CustomBrowserXSSValue }}"
ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}" ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}"
PublicKey = "{{ $headers.PublicKey }}" PublicKey = "{{ $headers.PublicKey }}"
ReferrerPolicy = "{{ $headers.ReferrerPolicy }}" ReferrerPolicy = "{{ $headers.ReferrerPolicy }}"
@ -1711,6 +1719,7 @@ var _templatesRancherTmpl = []byte(`{{ $backendServers := .Backends }}
CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}" CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}"
ContentTypeNosniff = {{ $headers.ContentTypeNosniff }} ContentTypeNosniff = {{ $headers.ContentTypeNosniff }}
BrowserXSSFilter = {{ $headers.BrowserXSSFilter }} BrowserXSSFilter = {{ $headers.BrowserXSSFilter }}
CustomBrowserXSSValue = "{{ $headers.CustomBrowserXSSValue }}"
ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}" ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}"
PublicKey = "{{ $headers.PublicKey }}" PublicKey = "{{ $headers.PublicKey }}"
ReferrerPolicy = "{{ $headers.ReferrerPolicy }}" ReferrerPolicy = "{{ $headers.ReferrerPolicy }}"

1
docs/configuration/backends/consulcatalog.md
View file

@ -143,6 +143,7 @@ Additional settings can be defined using Consul Catalog tags.
| `<prefix>.frontend.headers.customFrameOptionsValue=VALUE` | Overrides the `X-Frame-Options` header with the custom value. | | `<prefix>.frontend.headers.customFrameOptionsValue=VALUE` | Overrides the `X-Frame-Options` header with the custom value. |
| `<prefix>.frontend.headers.contentTypeNosniff=true` | Adds the `X-Content-Type-Options` header with the value `nosniff`. | | `<prefix>.frontend.headers.contentTypeNosniff=true` | Adds the `X-Content-Type-Options` header with the value `nosniff`. |
| `<prefix>.frontend.headers.browserXSSFilter=true` | Adds the X-XSS-Protection header with the value `1; mode=block`. | | `<prefix>.frontend.headers.browserXSSFilter=true` | Adds the X-XSS-Protection header with the value `1; mode=block`. |
| `<prefix>.frontend.headers.customBrowserXSSValue=VALUE` | Set custom value for X-XSS-Protection header. This overrides the BrowserXssFilter option. |
| `<prefix>.frontend.headers.contentSecurityPolicy=VALUE` | Adds CSP Header with the custom value. | | `<prefix>.frontend.headers.contentSecurityPolicy=VALUE` | Adds CSP Header with the custom value. |
| `<prefix>.frontend.headers.publicKey=VALUE` | Adds pinned HTST public key header. | | `<prefix>.frontend.headers.publicKey=VALUE` | Adds pinned HTST public key header. |
| `<prefix>.frontend.headers.referrerPolicy=VALUE` | Adds referrer policy header. | | `<prefix>.frontend.headers.referrerPolicy=VALUE` | Adds referrer policy header. |

2
docs/configuration/backends/docker.md
View file

@ -231,6 +231,7 @@ Labels can be used on containers to override default behaviour.
| `traefik.frontend.headers.customFrameOptionsValue=VALUE` | Overrides the `X-Frame-Options` header with the custom value. | | `traefik.frontend.headers.customFrameOptionsValue=VALUE` | Overrides the `X-Frame-Options` header with the custom value. |
| `traefik.frontend.headers.contentTypeNosniff=true` | Adds the `X-Content-Type-Options` header with the value `nosniff`. | | `traefik.frontend.headers.contentTypeNosniff=true` | Adds the `X-Content-Type-Options` header with the value `nosniff`. |
| `traefik.frontend.headers.browserXSSFilter=true` | Adds the X-XSS-Protection header with the value `1; mode=block`. | | `traefik.frontend.headers.browserXSSFilter=true` | Adds the X-XSS-Protection header with the value `1; mode=block`. |
| `traefik.frontend.headers.customBrowserXSSValue=VALUE` | Set custom value for X-XSS-Protection header. This overrides the BrowserXssFilter option. |
| `traefik.frontend.headers.contentSecurityPolicy=VALUE` | Adds CSP Header with the custom value. | | `traefik.frontend.headers.contentSecurityPolicy=VALUE` | Adds CSP Header with the custom value. |
| `traefik.frontend.headers.publicKey=VALUE` | Adds pinned HTST public key header. | | `traefik.frontend.headers.publicKey=VALUE` | Adds pinned HTST public key header. |
| `traefik.frontend.headers.referrerPolicy=VALUE` | Adds referrer policy header. | | `traefik.frontend.headers.referrerPolicy=VALUE` | Adds referrer policy header. |
@ -290,6 +291,7 @@ Services labels can be used for overriding default behaviour
| `traefik.<service-name>.frontend.headers.customFrameOptionsValue=VALUE` | Overrides the `X-Frame-Options` header with the custom value. | | `traefik.<service-name>.frontend.headers.customFrameOptionsValue=VALUE` | Overrides the `X-Frame-Options` header with the custom value. |
| `traefik.<service-name>.frontend.headers.contentTypeNosniff=true` | Adds the `X-Content-Type-Options` header with the value `nosniff`. | | `traefik.<service-name>.frontend.headers.contentTypeNosniff=true` | Adds the `X-Content-Type-Options` header with the value `nosniff`. |
| `traefik.<service-name>.frontend.headers.browserXSSFilter=true` | Adds the X-XSS-Protection header with the value `1; mode=block`. | | `traefik.<service-name>.frontend.headers.browserXSSFilter=true` | Adds the X-XSS-Protection header with the value `1; mode=block`. |
| `traefik.<service-name>.frontend.headers.customBrowserXSSValue=VALUE` | Set custom value for X-XSS-Protection header. This overrides the BrowserXssFilter option. |
| `traefik.<service-name>.frontend.headers.contentSecurityPolicy=VALUE` | Adds CSP Header with the custom value. | | `traefik.<service-name>.frontend.headers.contentSecurityPolicy=VALUE` | Adds CSP Header with the custom value. |
| `traefik.<service-name>.frontend.headers.publicKey=VALUE` | Adds pinned HTST public key header. | | `traefik.<service-name>.frontend.headers.publicKey=VALUE` | Adds pinned HTST public key header. |
| `traefik.<service-name>.frontend.headers.referrerPolicy=VALUE` | Adds referrer policy header. | | `traefik.<service-name>.frontend.headers.referrerPolicy=VALUE` | Adds referrer policy header. |

1
docs/configuration/backends/ecs.md
View file

@ -191,6 +191,7 @@ Labels can be used on task containers to override default behaviour:
| `traefik.frontend.headers.customFrameOptionsValue=VALUE` | Overrides the `X-Frame-Options` header with the custom value. | | `traefik.frontend.headers.customFrameOptionsValue=VALUE` | Overrides the `X-Frame-Options` header with the custom value. |
| `traefik.frontend.headers.contentTypeNosniff=true` | Adds the `X-Content-Type-Options` header with the value `nosniff`. | | `traefik.frontend.headers.contentTypeNosniff=true` | Adds the `X-Content-Type-Options` header with the value `nosniff`. |
| `traefik.frontend.headers.browserXSSFilter=true` | Adds the X-XSS-Protection header with the value `1; mode=block`. | | `traefik.frontend.headers.browserXSSFilter=true` | Adds the X-XSS-Protection header with the value `1; mode=block`. |
| `traefik.frontend.headers.customBrowserXSSValue=VALUE` | Set custom value for X-XSS-Protection header. This overrides the BrowserXssFilter option. |
| `traefik.frontend.headers.contentSecurityPolicy=VALUE` | Adds CSP Header with the custom value. | | `traefik.frontend.headers.contentSecurityPolicy=VALUE` | Adds CSP Header with the custom value. |
| `traefik.frontend.headers.publicKey=VALUE` | Adds pinned HTST public key header. | | `traefik.frontend.headers.publicKey=VALUE` | Adds pinned HTST public key header. |
| `traefik.frontend.headers.referrerPolicy=VALUE` | Adds referrer policy header. | | `traefik.frontend.headers.referrerPolicy=VALUE` | Adds referrer policy header. |

1
docs/configuration/backends/kubernetes.md
View file

@ -220,6 +220,7 @@ The following security annotations are applicable on the Ingress object:
| `ingress.kubernetes.io/custom-frame-options-value: VALUE` | Overrides the `X-Frame-Options` header with the custom value. | | `ingress.kubernetes.io/custom-frame-options-value: VALUE` | Overrides the `X-Frame-Options` header with the custom value. |
| `ingress.kubernetes.io/content-type-nosniff: "true"` | Adds the `X-Content-Type-Options` header with the value `nosniff`. | | `ingress.kubernetes.io/content-type-nosniff: "true"` | Adds the `X-Content-Type-Options` header with the value `nosniff`. |
| `ingress.kubernetes.io/browser-xss-filter: "true"` | Adds the X-XSS-Protection header with the value `1; mode=block`. | | `ingress.kubernetes.io/browser-xss-filter: "true"` | Adds the X-XSS-Protection header with the value `1; mode=block`. |
| `ingress.kubernetes.io/custom-browser-xss-value: VALUE` | Set custom value for X-XSS-Protection header. This overrides the BrowserXssFilter option. |
| `ingress.kubernetes.io/content-security-policy: VALUE` | Adds CSP Header with the custom value. | | `ingress.kubernetes.io/content-security-policy: VALUE` | Adds CSP Header with the custom value. |
| `ingress.kubernetes.io/public-key: VALUE` | Adds pinned HTST public key header. | | `ingress.kubernetes.io/public-key: VALUE` | Adds pinned HTST public key header. |
| `ingress.kubernetes.io/referrer-policy: VALUE` | Adds referrer policy header. | | `ingress.kubernetes.io/referrer-policy: VALUE` | Adds referrer policy header. |

2
docs/configuration/backends/marathon.md
View file

@ -229,6 +229,7 @@ The following labels can be defined on Marathon applications. They adjust the be
| `traefik.frontend.headers.customFrameOptionsValue=VALUE` | Overrides the `X-Frame-Options` header with the custom value. | | `traefik.frontend.headers.customFrameOptionsValue=VALUE` | Overrides the `X-Frame-Options` header with the custom value. |
| `traefik.frontend.headers.contentTypeNosniff=true` | Adds the `X-Content-Type-Options` header with the value `nosniff`. | | `traefik.frontend.headers.contentTypeNosniff=true` | Adds the `X-Content-Type-Options` header with the value `nosniff`. |
| `traefik.frontend.headers.browserXSSFilter=true` | Adds the X-XSS-Protection header with the value `1; mode=block`. | | `traefik.frontend.headers.browserXSSFilter=true` | Adds the X-XSS-Protection header with the value `1; mode=block`. |
| `traefik.frontend.headers.customBrowserXSSValue=VALUE` | Set custom value for X-XSS-Protection header. This overrides the BrowserXssFilter option. |
| `traefik.frontend.headers.contentSecurityPolicy=VALUE` | Adds CSP Header with the custom value. | | `traefik.frontend.headers.contentSecurityPolicy=VALUE` | Adds CSP Header with the custom value. |
| `traefik.frontend.headers.publicKey=VALUE` | Adds pinned HTST public key header. | | `traefik.frontend.headers.publicKey=VALUE` | Adds pinned HTST public key header. |
| `traefik.frontend.headers.referrerPolicy=VALUE` | Adds referrer policy header. | | `traefik.frontend.headers.referrerPolicy=VALUE` | Adds referrer policy header. |
@ -289,6 +290,7 @@ For applications that expose multiple ports, specific labels can be used to extr
| `traefik.<service-name>.frontend.headers.customFrameOptionsValue=VALUE` | Overrides the `X-Frame-Options` header with the custom value. | | `traefik.<service-name>.frontend.headers.customFrameOptionsValue=VALUE` | Overrides the `X-Frame-Options` header with the custom value. |
| `traefik.<service-name>.frontend.headers.contentTypeNosniff=true` | Adds the `X-Content-Type-Options` header with the value `nosniff`. | | `traefik.<service-name>.frontend.headers.contentTypeNosniff=true` | Adds the `X-Content-Type-Options` header with the value `nosniff`. |
| `traefik.<service-name>.frontend.headers.browserXSSFilter=true` | Adds the X-XSS-Protection header with the value `1; mode=block`. | | `traefik.<service-name>.frontend.headers.browserXSSFilter=true` | Adds the X-XSS-Protection header with the value `1; mode=block`. |
| `traefik.<service-name>.frontend.headers.customBrowserXSSValue=VALUE` | Set custom value for X-XSS-Protection header. This overrides the BrowserXssFilter option. |
| `traefik.<service-name>.frontend.headers.contentSecurityPolicy=VALUE` | Adds CSP Header with the custom value. | | `traefik.<service-name>.frontend.headers.contentSecurityPolicy=VALUE` | Adds CSP Header with the custom value. |
| `traefik.<service-name>.frontend.headers.publicKey=VALUE` | Adds pinned HTST public key header. | | `traefik.<service-name>.frontend.headers.publicKey=VALUE` | Adds pinned HTST public key header. |
| `traefik.<service-name>.frontend.headers.referrerPolicy=VALUE` | Adds referrer policy header. | | `traefik.<service-name>.frontend.headers.referrerPolicy=VALUE` | Adds referrer policy header. |

1
docs/configuration/backends/mesos.md
View file

@ -163,6 +163,7 @@ The following labels can be defined on Mesos tasks. They adjust the behaviour fo
| `traefik.frontend.headers.customFrameOptionsValue=VALUE` | Overrides the `X-Frame-Options` header with the custom value. | | `traefik.frontend.headers.customFrameOptionsValue=VALUE` | Overrides the `X-Frame-Options` header with the custom value. |
| `traefik.frontend.headers.contentTypeNosniff=true` | Adds the `X-Content-Type-Options` header with the value `nosniff`. | | `traefik.frontend.headers.contentTypeNosniff=true` | Adds the `X-Content-Type-Options` header with the value `nosniff`. |
| `traefik.frontend.headers.browserXSSFilter=true` | Adds the X-XSS-Protection header with the value `1; mode=block`. | | `traefik.frontend.headers.browserXSSFilter=true` | Adds the X-XSS-Protection header with the value `1; mode=block`. |
| `traefik.frontend.headers.customBrowserXSSValue=VALUE` | Set custom value for X-XSS-Protection header. This overrides the BrowserXssFilter option. |
| `traefik.frontend.headers.contentSecurityPolicy=VALUE` | Adds CSP Header with the custom value. | | `traefik.frontend.headers.contentSecurityPolicy=VALUE` | Adds CSP Header with the custom value. |
| `traefik.frontend.headers.publicKey=VALUE` | Adds pinned HTST public key header. | | `traefik.frontend.headers.publicKey=VALUE` | Adds pinned HTST public key header. |
| `traefik.frontend.headers.referrerPolicy=VALUE` | Adds referrer policy header. | | `traefik.frontend.headers.referrerPolicy=VALUE` | Adds referrer policy header. |

1
docs/configuration/backends/rancher.md
View file

@ -187,6 +187,7 @@ Labels can be used on task containers to override default behaviour:
| `traefik.frontend.headers.customFrameOptionsValue=VALUE` | Overrides the `X-Frame-Options` header with the custom value. | | `traefik.frontend.headers.customFrameOptionsValue=VALUE` | Overrides the `X-Frame-Options` header with the custom value. |
| `traefik.frontend.headers.contentTypeNosniff=true` | Adds the `X-Content-Type-Options` header with the value `nosniff`. | | `traefik.frontend.headers.contentTypeNosniff=true` | Adds the `X-Content-Type-Options` header with the value `nosniff`. |
| `traefik.frontend.headers.browserXSSFilter=true` | Adds the X-XSS-Protection header with the value `1; mode=block`. | | `traefik.frontend.headers.browserXSSFilter=true` | Adds the X-XSS-Protection header with the value `1; mode=block`. |
| `traefik.frontend.headers.customBrowserXSSValue=VALUE` | Set custom value for X-XSS-Protection header. This overrides the BrowserXssFilter option. |
| `traefik.frontend.headers.contentSecurityPolicy=VALUE` | Adds CSP Header with the custom value. | | `traefik.frontend.headers.contentSecurityPolicy=VALUE` | Adds CSP Header with the custom value. |
| `traefik.frontend.headers.publicKey=VALUE` | Adds pinned HTST public key header. | | `traefik.frontend.headers.publicKey=VALUE` | Adds pinned HTST public key header. |
| `traefik.frontend.headers.referrerPolicy=VALUE` | Adds referrer policy header. | | `traefik.frontend.headers.referrerPolicy=VALUE` | Adds referrer policy header. |

1
middlewares/secure.go
View file

@ -26,6 +26,7 @@ func NewSecure(headers *types.Headers) *secure.Secure {
CustomFrameOptionsValue: headers.CustomFrameOptionsValue, CustomFrameOptionsValue: headers.CustomFrameOptionsValue,
ContentTypeNosniff: headers.ContentTypeNosniff, ContentTypeNosniff: headers.ContentTypeNosniff,
BrowserXssFilter: headers.BrowserXSSFilter, BrowserXssFilter: headers.BrowserXSSFilter,
CustomBrowserXssValue: headers.CustomBrowserXSSValue,
ContentSecurityPolicy: headers.ContentSecurityPolicy, ContentSecurityPolicy: headers.ContentSecurityPolicy,
PublicKey: headers.PublicKey, PublicKey: headers.PublicKey,
ReferrerPolicy: headers.ReferrerPolicy, ReferrerPolicy: headers.ReferrerPolicy,

1
provider/consulcatalog/consul_catalog_config.go
View file

@ -368,6 +368,7 @@ func (p *Provider) getHeaders(tags []string) *types.Headers {
ContentSecurityPolicy: p.getAttribute(label.SuffixFrontendHeadersContentSecurityPolicy, tags, ""), ContentSecurityPolicy: p.getAttribute(label.SuffixFrontendHeadersContentSecurityPolicy, tags, ""),
PublicKey: p.getAttribute(label.SuffixFrontendHeadersPublicKey, tags, ""), PublicKey: p.getAttribute(label.SuffixFrontendHeadersPublicKey, tags, ""),
ReferrerPolicy: p.getAttribute(label.SuffixFrontendHeadersReferrerPolicy, tags, ""), ReferrerPolicy: p.getAttribute(label.SuffixFrontendHeadersReferrerPolicy, tags, ""),
CustomBrowserXSSValue: p.getAttribute(label.SuffixFrontendHeadersCustomBrowserXSSValue, tags, ""),
STSSeconds: p.getInt64Attribute(label.SuffixFrontendHeadersSTSSeconds, tags, 0), STSSeconds: p.getInt64Attribute(label.SuffixFrontendHeadersSTSSeconds, tags, 0),
SSLRedirect: p.getBoolAttribute(label.SuffixFrontendHeadersSSLRedirect, tags, false), SSLRedirect: p.getBoolAttribute(label.SuffixFrontendHeadersSSLRedirect, tags, false),
SSLTemporaryRedirect: p.getBoolAttribute(label.SuffixFrontendHeadersSSLTemporaryRedirect, tags, false), SSLTemporaryRedirect: p.getBoolAttribute(label.SuffixFrontendHeadersSSLTemporaryRedirect, tags, false),

2
provider/consulcatalog/consul_catalog_config_test.go
View file

@ -1268,6 +1268,7 @@ func TestProviderGetHeaders(t *testing.T) {
label.TraefikFrontendContentSecurityPolicy + "=foo", label.TraefikFrontendContentSecurityPolicy + "=foo",
label.TraefikFrontendPublicKey + "=foo", label.TraefikFrontendPublicKey + "=foo",
label.TraefikFrontendReferrerPolicy + "=foo", label.TraefikFrontendReferrerPolicy + "=foo",
label.TraefikFrontendCustomBrowserXSSValue + "=foo",
label.TraefikFrontendSTSSeconds + "=666", label.TraefikFrontendSTSSeconds + "=666",
label.TraefikFrontendSSLRedirect + "=true", label.TraefikFrontendSSLRedirect + "=true",
label.TraefikFrontendSSLTemporaryRedirect + "=true", label.TraefikFrontendSSLTemporaryRedirect + "=true",
@ -1299,6 +1300,7 @@ func TestProviderGetHeaders(t *testing.T) {
ContentSecurityPolicy: "foo", ContentSecurityPolicy: "foo",
PublicKey: "foo", PublicKey: "foo",
ReferrerPolicy: "foo", ReferrerPolicy: "foo",
CustomBrowserXSSValue: "foo",
STSSeconds: 666, STSSeconds: 666,
SSLRedirect: true, SSLRedirect: true,
SSLTemporaryRedirect: true, SSLTemporaryRedirect: true,

1
provider/docker/config_container.go
View file

@ -292,6 +292,7 @@ func getHeaders(container dockerData) *types.Headers {
ContentSecurityPolicy: label.GetStringValue(container.Labels, label.TraefikFrontendContentSecurityPolicy, ""), ContentSecurityPolicy: label.GetStringValue(container.Labels, label.TraefikFrontendContentSecurityPolicy, ""),
PublicKey: label.GetStringValue(container.Labels, label.TraefikFrontendPublicKey, ""), PublicKey: label.GetStringValue(container.Labels, label.TraefikFrontendPublicKey, ""),
ReferrerPolicy: label.GetStringValue(container.Labels, label.TraefikFrontendReferrerPolicy, ""), ReferrerPolicy: label.GetStringValue(container.Labels, label.TraefikFrontendReferrerPolicy, ""),
CustomBrowserXSSValue: label.GetStringValue(container.Labels, label.TraefikFrontendCustomBrowserXSSValue, ""),
} }
if !headers.HasSecureHeadersDefined() && !headers.HasCustomHeadersDefined() { if !headers.HasSecureHeadersDefined() && !headers.HasCustomHeadersDefined() {

4
provider/docker/config_container_docker_test.go
View file

@ -136,6 +136,7 @@ func TestDockerBuildConfiguration(t *testing.T) {
label.TraefikFrontendContentSecurityPolicy: "foo", label.TraefikFrontendContentSecurityPolicy: "foo",
label.TraefikFrontendPublicKey: "foo", label.TraefikFrontendPublicKey: "foo",
label.TraefikFrontendReferrerPolicy: "foo", label.TraefikFrontendReferrerPolicy: "foo",
label.TraefikFrontendCustomBrowserXSSValue: "foo",
label.TraefikFrontendSTSSeconds: "666", label.TraefikFrontendSTSSeconds: "666",
label.TraefikFrontendSSLRedirect: "true", label.TraefikFrontendSSLRedirect: "true",
label.TraefikFrontendSSLTemporaryRedirect: "true", label.TraefikFrontendSSLTemporaryRedirect: "true",
@ -224,6 +225,7 @@ func TestDockerBuildConfiguration(t *testing.T) {
CustomFrameOptionsValue: "foo", CustomFrameOptionsValue: "foo",
ContentTypeNosniff: true, ContentTypeNosniff: true,
BrowserXSSFilter: true, BrowserXSSFilter: true,
CustomBrowserXSSValue: "foo",
ContentSecurityPolicy: "foo", ContentSecurityPolicy: "foo",
PublicKey: "foo", PublicKey: "foo",
ReferrerPolicy: "foo", ReferrerPolicy: "foo",
@ -1541,6 +1543,7 @@ func TestDockerGetHeaders(t *testing.T) {
label.TraefikFrontendContentSecurityPolicy: "foo", label.TraefikFrontendContentSecurityPolicy: "foo",
label.TraefikFrontendPublicKey: "foo", label.TraefikFrontendPublicKey: "foo",
label.TraefikFrontendReferrerPolicy: "foo", label.TraefikFrontendReferrerPolicy: "foo",
label.TraefikFrontendCustomBrowserXSSValue: "foo",
label.TraefikFrontendSTSSeconds: "666", label.TraefikFrontendSTSSeconds: "666",
label.TraefikFrontendSSLRedirect: "true", label.TraefikFrontendSSLRedirect: "true",
label.TraefikFrontendSSLTemporaryRedirect: "true", label.TraefikFrontendSSLTemporaryRedirect: "true",
@ -1573,6 +1576,7 @@ func TestDockerGetHeaders(t *testing.T) {
ContentSecurityPolicy: "foo", ContentSecurityPolicy: "foo",
PublicKey: "foo", PublicKey: "foo",
ReferrerPolicy: "foo", ReferrerPolicy: "foo",
CustomBrowserXSSValue: "foo",
STSSeconds: 666, STSSeconds: 666,
SSLRedirect: true, SSLRedirect: true,
SSLTemporaryRedirect: true, SSLTemporaryRedirect: true,

2
provider/docker/config_container_swarm_test.go
View file

@ -143,6 +143,7 @@ func TestSwarmBuildConfiguration(t *testing.T) {
label.TraefikFrontendContentSecurityPolicy: "foo", label.TraefikFrontendContentSecurityPolicy: "foo",
label.TraefikFrontendPublicKey: "foo", label.TraefikFrontendPublicKey: "foo",
label.TraefikFrontendReferrerPolicy: "foo", label.TraefikFrontendReferrerPolicy: "foo",
label.TraefikFrontendCustomBrowserXSSValue: "foo",
label.TraefikFrontendSTSSeconds: "666", label.TraefikFrontendSTSSeconds: "666",
label.TraefikFrontendSSLRedirect: "true", label.TraefikFrontendSSLRedirect: "true",
label.TraefikFrontendSSLTemporaryRedirect: "true", label.TraefikFrontendSSLTemporaryRedirect: "true",
@ -229,6 +230,7 @@ func TestSwarmBuildConfiguration(t *testing.T) {
CustomFrameOptionsValue: "foo", CustomFrameOptionsValue: "foo",
ContentTypeNosniff: true, ContentTypeNosniff: true,
BrowserXSSFilter: true, BrowserXSSFilter: true,
CustomBrowserXSSValue: "foo",
ContentSecurityPolicy: "foo", ContentSecurityPolicy: "foo",
PublicKey: "foo", PublicKey: "foo",
ReferrerPolicy: "foo", ReferrerPolicy: "foo",

1
provider/docker/config_service.go
View file

@ -169,6 +169,7 @@ func getServiceHeaders(container dockerData, serviceName string) *types.Headers
ContentSecurityPolicy: getServiceStringValue(container, serviceLabels, label.SuffixFrontendHeadersContentSecurityPolicy, ""), ContentSecurityPolicy: getServiceStringValue(container, serviceLabels, label.SuffixFrontendHeadersContentSecurityPolicy, ""),
PublicKey: getServiceStringValue(container, serviceLabels, label.SuffixFrontendHeadersPublicKey, ""), PublicKey: getServiceStringValue(container, serviceLabels, label.SuffixFrontendHeadersPublicKey, ""),
ReferrerPolicy: getServiceStringValue(container, serviceLabels, label.SuffixFrontendHeadersReferrerPolicy, ""), ReferrerPolicy: getServiceStringValue(container, serviceLabels, label.SuffixFrontendHeadersReferrerPolicy, ""),
CustomBrowserXSSValue: getServiceStringValue(container, serviceLabels, label.SuffixFrontendHeadersCustomBrowserXSSValue, ""),
} }
if !headers.HasSecureHeadersDefined() && !headers.HasCustomHeadersDefined() { if !headers.HasSecureHeadersDefined() && !headers.HasCustomHeadersDefined() {

6
provider/docker/config_service_test.go
View file

@ -99,6 +99,7 @@ func TestDockerServiceBuildConfiguration(t *testing.T) {
label.Prefix + "service." + label.SuffixFrontendHeadersContentSecurityPolicy: "foo", label.Prefix + "service." + label.SuffixFrontendHeadersContentSecurityPolicy: "foo",
label.Prefix + "service." + label.SuffixFrontendHeadersPublicKey: "foo", label.Prefix + "service." + label.SuffixFrontendHeadersPublicKey: "foo",
label.Prefix + "service." + label.SuffixFrontendHeadersReferrerPolicy: "foo", label.Prefix + "service." + label.SuffixFrontendHeadersReferrerPolicy: "foo",
label.Prefix + "service." + label.SuffixFrontendHeadersCustomBrowserXSSValue: "foo",
label.Prefix + "service." + label.SuffixFrontendHeadersSTSSeconds: "666", label.Prefix + "service." + label.SuffixFrontendHeadersSTSSeconds: "666",
label.Prefix + "service." + label.SuffixFrontendHeadersSSLRedirect: "true", label.Prefix + "service." + label.SuffixFrontendHeadersSSLRedirect: "true",
label.Prefix + "service." + label.SuffixFrontendHeadersSSLTemporaryRedirect: "true", label.Prefix + "service." + label.SuffixFrontendHeadersSSLTemporaryRedirect: "true",
@ -182,6 +183,7 @@ func TestDockerServiceBuildConfiguration(t *testing.T) {
CustomFrameOptionsValue: "foo", CustomFrameOptionsValue: "foo",
ContentTypeNosniff: true, ContentTypeNosniff: true,
BrowserXSSFilter: true, BrowserXSSFilter: true,
CustomBrowserXSSValue: "foo",
ContentSecurityPolicy: "foo", ContentSecurityPolicy: "foo",
PublicKey: "foo", PublicKey: "foo",
ReferrerPolicy: "foo", ReferrerPolicy: "foo",
@ -1118,6 +1120,7 @@ func TestDockerGetServiceHeaders(t *testing.T) {
label.Prefix + service + "." + label.SuffixFrontendHeadersContentSecurityPolicy: "foo", label.Prefix + service + "." + label.SuffixFrontendHeadersContentSecurityPolicy: "foo",
label.Prefix + service + "." + label.SuffixFrontendHeadersPublicKey: "foo", label.Prefix + service + "." + label.SuffixFrontendHeadersPublicKey: "foo",
label.Prefix + service + "." + label.SuffixFrontendHeadersReferrerPolicy: "foo", label.Prefix + service + "." + label.SuffixFrontendHeadersReferrerPolicy: "foo",
label.Prefix + service + "." + label.SuffixFrontendHeadersCustomBrowserXSSValue: "foo",
label.Prefix + service + "." + label.SuffixFrontendHeadersSTSSeconds: "666", label.Prefix + service + "." + label.SuffixFrontendHeadersSTSSeconds: "666",
label.Prefix + service + "." + label.SuffixFrontendHeadersSSLRedirect: "true", label.Prefix + service + "." + label.SuffixFrontendHeadersSSLRedirect: "true",
label.Prefix + service + "." + label.SuffixFrontendHeadersSSLTemporaryRedirect: "true", label.Prefix + service + "." + label.SuffixFrontendHeadersSSLTemporaryRedirect: "true",
@ -1150,6 +1153,7 @@ func TestDockerGetServiceHeaders(t *testing.T) {
ContentSecurityPolicy: "foo", ContentSecurityPolicy: "foo",
PublicKey: "foo", PublicKey: "foo",
ReferrerPolicy: "foo", ReferrerPolicy: "foo",
CustomBrowserXSSValue: "foo",
STSSeconds: 666, STSSeconds: 666,
SSLRedirect: true, SSLRedirect: true,
SSLTemporaryRedirect: true, SSLTemporaryRedirect: true,
@ -1177,6 +1181,7 @@ func TestDockerGetServiceHeaders(t *testing.T) {
label.TraefikFrontendContentSecurityPolicy: "foo", label.TraefikFrontendContentSecurityPolicy: "foo",
label.TraefikFrontendPublicKey: "foo", label.TraefikFrontendPublicKey: "foo",
label.TraefikFrontendReferrerPolicy: "foo", label.TraefikFrontendReferrerPolicy: "foo",
label.TraefikFrontendCustomBrowserXSSValue: "foo",
label.TraefikFrontendSTSSeconds: "666", label.TraefikFrontendSTSSeconds: "666",
label.TraefikFrontendSSLRedirect: "true", label.TraefikFrontendSSLRedirect: "true",
label.TraefikFrontendSSLTemporaryRedirect: "true", label.TraefikFrontendSSLTemporaryRedirect: "true",
@ -1209,6 +1214,7 @@ func TestDockerGetServiceHeaders(t *testing.T) {
ContentSecurityPolicy: "foo", ContentSecurityPolicy: "foo",
PublicKey: "foo", PublicKey: "foo",
ReferrerPolicy: "foo", ReferrerPolicy: "foo",
CustomBrowserXSSValue: "foo",
STSSeconds: 666, STSSeconds: 666,
SSLRedirect: true, SSLRedirect: true,
SSLTemporaryRedirect: true, SSLTemporaryRedirect: true,

1
provider/ecs/config.go
View file

@ -281,6 +281,7 @@ func getHeaders(instance ecsInstance) *types.Headers {
ContentSecurityPolicy: getStringValue(instance, label.TraefikFrontendContentSecurityPolicy, ""), ContentSecurityPolicy: getStringValue(instance, label.TraefikFrontendContentSecurityPolicy, ""),
PublicKey: getStringValue(instance, label.TraefikFrontendPublicKey, ""), PublicKey: getStringValue(instance, label.TraefikFrontendPublicKey, ""),
ReferrerPolicy: getStringValue(instance, label.TraefikFrontendReferrerPolicy, ""), ReferrerPolicy: getStringValue(instance, label.TraefikFrontendReferrerPolicy, ""),
CustomBrowserXSSValue: getStringValue(instance, label.TraefikFrontendCustomBrowserXSSValue, ""),
} }
if !headers.HasSecureHeadersDefined() && !headers.HasCustomHeadersDefined() { if !headers.HasSecureHeadersDefined() && !headers.HasCustomHeadersDefined() {

4
provider/ecs/config_test.go
View file

@ -164,6 +164,7 @@ func TestBuildConfiguration(t *testing.T) {
label.TraefikFrontendContentSecurityPolicy: aws.String("foo"), label.TraefikFrontendContentSecurityPolicy: aws.String("foo"),
label.TraefikFrontendPublicKey: aws.String("foo"), label.TraefikFrontendPublicKey: aws.String("foo"),
label.TraefikFrontendReferrerPolicy: aws.String("foo"), label.TraefikFrontendReferrerPolicy: aws.String("foo"),
label.TraefikFrontendCustomBrowserXSSValue: aws.String("foo"),
label.TraefikFrontendSTSSeconds: aws.String("666"), label.TraefikFrontendSTSSeconds: aws.String("666"),
label.TraefikFrontendSSLRedirect: aws.String("true"), label.TraefikFrontendSSLRedirect: aws.String("true"),
label.TraefikFrontendSSLTemporaryRedirect: aws.String("true"), label.TraefikFrontendSSLTemporaryRedirect: aws.String("true"),
@ -293,6 +294,7 @@ func TestBuildConfiguration(t *testing.T) {
CustomFrameOptionsValue: "foo", CustomFrameOptionsValue: "foo",
ContentTypeNosniff: true, ContentTypeNosniff: true,
BrowserXSSFilter: true, BrowserXSSFilter: true,
CustomBrowserXSSValue: "foo",
ContentSecurityPolicy: "foo", ContentSecurityPolicy: "foo",
PublicKey: "foo", PublicKey: "foo",
ReferrerPolicy: "foo", ReferrerPolicy: "foo",
@ -1394,6 +1396,7 @@ func TestGetHeaders(t *testing.T) {
label.TraefikFrontendContentSecurityPolicy: aws.String("foo"), label.TraefikFrontendContentSecurityPolicy: aws.String("foo"),
label.TraefikFrontendPublicKey: aws.String("foo"), label.TraefikFrontendPublicKey: aws.String("foo"),
label.TraefikFrontendReferrerPolicy: aws.String("foo"), label.TraefikFrontendReferrerPolicy: aws.String("foo"),
label.TraefikFrontendCustomBrowserXSSValue: aws.String("foo"),
label.TraefikFrontendSTSSeconds: aws.String("666"), label.TraefikFrontendSTSSeconds: aws.String("666"),
label.TraefikFrontendSSLRedirect: aws.String("true"), label.TraefikFrontendSSLRedirect: aws.String("true"),
label.TraefikFrontendSSLTemporaryRedirect: aws.String("true"), label.TraefikFrontendSSLTemporaryRedirect: aws.String("true"),
@ -1427,6 +1430,7 @@ func TestGetHeaders(t *testing.T) {
ContentSecurityPolicy: "foo", ContentSecurityPolicy: "foo",
PublicKey: "foo", PublicKey: "foo",
ReferrerPolicy: "foo", ReferrerPolicy: "foo",
CustomBrowserXSSValue: "foo",
STSSeconds: 666, STSSeconds: 666,
SSLRedirect: true, SSLRedirect: true,
SSLTemporaryRedirect: true, SSLTemporaryRedirect: true,

1
provider/kubernetes/annotations.go
View file

@ -47,6 +47,7 @@ const (
annotationKubernetesCustomFrameOptionsValue = "ingress.kubernetes.io/custom-frame-options-value" annotationKubernetesCustomFrameOptionsValue = "ingress.kubernetes.io/custom-frame-options-value"
annotationKubernetesContentTypeNosniff = "ingress.kubernetes.io/content-type-nosniff" annotationKubernetesContentTypeNosniff = "ingress.kubernetes.io/content-type-nosniff"
annotationKubernetesBrowserXSSFilter = "ingress.kubernetes.io/browser-xss-filter" annotationKubernetesBrowserXSSFilter = "ingress.kubernetes.io/browser-xss-filter"
annotationKubernetesCustomBrowserXSSValue = "ingress.kubernetes.io/custom-browser-xss-value"
annotationKubernetesContentSecurityPolicy = "ingress.kubernetes.io/content-security-policy" annotationKubernetesContentSecurityPolicy = "ingress.kubernetes.io/content-security-policy"
annotationKubernetesPublicKey = "ingress.kubernetes.io/public-key" annotationKubernetesPublicKey = "ingress.kubernetes.io/public-key"
annotationKubernetesReferrerPolicy = "ingress.kubernetes.io/referrer-policy" annotationKubernetesReferrerPolicy = "ingress.kubernetes.io/referrer-policy"

1
provider/kubernetes/kubernetes.go
View file

@ -577,6 +577,7 @@ func getHeader(i *extensionsv1beta1.Ingress) *types.Headers {
CustomFrameOptionsValue: getStringValue(i.Annotations, annotationKubernetesCustomFrameOptionsValue, ""), CustomFrameOptionsValue: getStringValue(i.Annotations, annotationKubernetesCustomFrameOptionsValue, ""),
ContentTypeNosniff: getBoolValue(i.Annotations, annotationKubernetesContentTypeNosniff, false), ContentTypeNosniff: getBoolValue(i.Annotations, annotationKubernetesContentTypeNosniff, false),
BrowserXSSFilter: getBoolValue(i.Annotations, annotationKubernetesBrowserXSSFilter, false), BrowserXSSFilter: getBoolValue(i.Annotations, annotationKubernetesBrowserXSSFilter, false),
CustomBrowserXSSValue: getStringValue(i.Annotations, annotationKubernetesCustomBrowserXSSValue, ""),
ContentSecurityPolicy: getStringValue(i.Annotations, annotationKubernetesContentSecurityPolicy, ""), ContentSecurityPolicy: getStringValue(i.Annotations, annotationKubernetesContentSecurityPolicy, ""),
PublicKey: getStringValue(i.Annotations, annotationKubernetesPublicKey, ""), PublicKey: getStringValue(i.Annotations, annotationKubernetesPublicKey, ""),
ReferrerPolicy: getStringValue(i.Annotations, annotationKubernetesReferrerPolicy, ""), ReferrerPolicy: getStringValue(i.Annotations, annotationKubernetesReferrerPolicy, ""),

2
provider/kubernetes/kubernetes_test.go
View file

@ -793,6 +793,7 @@ rateset:
iAnnotation(annotationKubernetesFrameDeny, "true"), iAnnotation(annotationKubernetesFrameDeny, "true"),
iAnnotation(annotationKubernetesContentTypeNosniff, "true"), iAnnotation(annotationKubernetesContentTypeNosniff, "true"),
iAnnotation(annotationKubernetesBrowserXSSFilter, "true"), iAnnotation(annotationKubernetesBrowserXSSFilter, "true"),
iAnnotation(annotationKubernetesCustomBrowserXSSValue, "foo"),
iAnnotation(annotationKubernetesIsDevelopment, "true"), iAnnotation(annotationKubernetesIsDevelopment, "true"),
iAnnotation(annotationKubernetesSSLHost, "foo"), iAnnotation(annotationKubernetesSSLHost, "foo"),
iAnnotation(annotationKubernetesCustomFrameOptionsValue, "foo"), iAnnotation(annotationKubernetesCustomFrameOptionsValue, "foo"),
@ -1042,6 +1043,7 @@ rateset:
ContentSecurityPolicy: "foo", ContentSecurityPolicy: "foo",
PublicKey: "foo", PublicKey: "foo",
ReferrerPolicy: "foo", ReferrerPolicy: "foo",
CustomBrowserXSSValue: "foo",
}), }),
routes( routes(
route("/customheaders", "PathPrefix:/customheaders"), route("/customheaders", "PathPrefix:/customheaders"),

1
provider/kv/keynames.go
View file

@ -61,6 +61,7 @@ const (
pathFrontendCustomFrameOptionsValue = "/headers/customframeoptionsvalue" pathFrontendCustomFrameOptionsValue = "/headers/customframeoptionsvalue"
pathFrontendContentTypeNosniff = "/headers/contenttypenosniff" pathFrontendContentTypeNosniff = "/headers/contenttypenosniff"
pathFrontendBrowserXSSFilter = "/headers/browserxssfilter" pathFrontendBrowserXSSFilter = "/headers/browserxssfilter"
pathFrontendCustomBrowserXSSValue = "/headers/custombrowserxssvalue"
pathFrontendContentSecurityPolicy = "/headers/contentsecuritypolicy" pathFrontendContentSecurityPolicy = "/headers/contentsecuritypolicy"
pathFrontendPublicKey = "/headers/publickey" pathFrontendPublicKey = "/headers/publickey"
pathFrontendReferrerPolicy = "/headers/referrerpolicy" pathFrontendReferrerPolicy = "/headers/referrerpolicy"

1
provider/kv/kv_config.go
View file

@ -206,6 +206,7 @@ func (p *Provider) getHeaders(rootPath string) *types.Headers {
CustomFrameOptionsValue: p.get("", rootPath, pathFrontendCustomFrameOptionsValue), CustomFrameOptionsValue: p.get("", rootPath, pathFrontendCustomFrameOptionsValue),
ContentTypeNosniff: p.getBool(false, rootPath, pathFrontendContentTypeNosniff), ContentTypeNosniff: p.getBool(false, rootPath, pathFrontendContentTypeNosniff),
BrowserXSSFilter: p.getBool(false, rootPath, pathFrontendBrowserXSSFilter), BrowserXSSFilter: p.getBool(false, rootPath, pathFrontendBrowserXSSFilter),
CustomBrowserXSSValue: p.get("", rootPath, pathFrontendCustomBrowserXSSValue),
ContentSecurityPolicy: p.get("", rootPath, pathFrontendContentSecurityPolicy), ContentSecurityPolicy: p.get("", rootPath, pathFrontendContentSecurityPolicy),
PublicKey: p.get("", rootPath, pathFrontendPublicKey), PublicKey: p.get("", rootPath, pathFrontendPublicKey),
ReferrerPolicy: p.get("", rootPath, pathFrontendReferrerPolicy), ReferrerPolicy: p.get("", rootPath, pathFrontendReferrerPolicy),

12
provider/kv/kv_config_test.go
View file

@ -119,6 +119,7 @@ func TestProviderBuildConfiguration(t *testing.T) {
withPair(pathFrontendContentSecurityPolicy, "foo"), withPair(pathFrontendContentSecurityPolicy, "foo"),
withPair(pathFrontendPublicKey, "foo"), withPair(pathFrontendPublicKey, "foo"),
withPair(pathFrontendReferrerPolicy, "foo"), withPair(pathFrontendReferrerPolicy, "foo"),
withPair(pathFrontendCustomBrowserXSSValue, "foo"),
withPair(pathFrontendSSLRedirect, "true"), withPair(pathFrontendSSLRedirect, "true"),
withPair(pathFrontendSSLTemporaryRedirect, "true"), withPair(pathFrontendSSLTemporaryRedirect, "true"),
withPair(pathFrontendSTSIncludeSubdomains, "true"), withPair(pathFrontendSTSIncludeSubdomains, "true"),
@ -248,6 +249,7 @@ func TestProviderBuildConfiguration(t *testing.T) {
ContentSecurityPolicy: "foo", ContentSecurityPolicy: "foo",
PublicKey: "foo", PublicKey: "foo",
ReferrerPolicy: "foo", ReferrerPolicy: "foo",
CustomBrowserXSSValue: "foo",
SSLRedirect: true, SSLRedirect: true,
SSLTemporaryRedirect: true, SSLTemporaryRedirect: true,
STSIncludeSubdomains: true, STSIncludeSubdomains: true,
@ -1415,6 +1417,16 @@ func TestProviderGetHeaders(t *testing.T) {
BrowserXSSFilter: true, BrowserXSSFilter: true,
}, },
}, },
{
desc: "Custom Browser XSS Value",
rootPath: "traefik/frontends/foo",
kvPairs: filler("traefik",
frontend("foo",
withPair(pathFrontendCustomBrowserXSSValue, "foo"))),
expected: &types.Headers{
CustomBrowserXSSValue: "foo",
},
},
{ {
desc: "Content Security Policy", desc: "Content Security Policy",
rootPath: "traefik/frontends/foo", rootPath: "traefik/frontends/foo",

2
provider/label/names.go
View file

@ -51,6 +51,7 @@ const (
SuffixFrontendHeadersCustomFrameOptionsValue = SuffixFrontendHeaders + "customFrameOptionsValue" SuffixFrontendHeadersCustomFrameOptionsValue = SuffixFrontendHeaders + "customFrameOptionsValue"
SuffixFrontendHeadersContentTypeNosniff = SuffixFrontendHeaders + "contentTypeNosniff" SuffixFrontendHeadersContentTypeNosniff = SuffixFrontendHeaders + "contentTypeNosniff"
SuffixFrontendHeadersBrowserXSSFilter = SuffixFrontendHeaders + "browserXSSFilter" SuffixFrontendHeadersBrowserXSSFilter = SuffixFrontendHeaders + "browserXSSFilter"
SuffixFrontendHeadersCustomBrowserXSSValue = SuffixFrontendHeaders + "customBrowserXSSValue"
SuffixFrontendHeadersContentSecurityPolicy = SuffixFrontendHeaders + "contentSecurityPolicy" SuffixFrontendHeadersContentSecurityPolicy = SuffixFrontendHeaders + "contentSecurityPolicy"
SuffixFrontendHeadersPublicKey = SuffixFrontendHeaders + "publicKey" SuffixFrontendHeadersPublicKey = SuffixFrontendHeaders + "publicKey"
SuffixFrontendHeadersReferrerPolicy = SuffixFrontendHeaders + "referrerPolicy" SuffixFrontendHeadersReferrerPolicy = SuffixFrontendHeaders + "referrerPolicy"
@ -124,6 +125,7 @@ const (
TraefikFrontendCustomFrameOptionsValue = Prefix + SuffixFrontendHeadersCustomFrameOptionsValue TraefikFrontendCustomFrameOptionsValue = Prefix + SuffixFrontendHeadersCustomFrameOptionsValue
TraefikFrontendContentTypeNosniff = Prefix + SuffixFrontendHeadersContentTypeNosniff TraefikFrontendContentTypeNosniff = Prefix + SuffixFrontendHeadersContentTypeNosniff
TraefikFrontendBrowserXSSFilter = Prefix + SuffixFrontendHeadersBrowserXSSFilter TraefikFrontendBrowserXSSFilter = Prefix + SuffixFrontendHeadersBrowserXSSFilter
TraefikFrontendCustomBrowserXSSValue = Prefix + SuffixFrontendHeadersCustomBrowserXSSValue
TraefikFrontendContentSecurityPolicy = Prefix + SuffixFrontendHeadersContentSecurityPolicy TraefikFrontendContentSecurityPolicy = Prefix + SuffixFrontendHeadersContentSecurityPolicy
TraefikFrontendPublicKey = Prefix + SuffixFrontendHeadersPublicKey TraefikFrontendPublicKey = Prefix + SuffixFrontendHeadersPublicKey
TraefikFrontendReferrerPolicy = Prefix + SuffixFrontendHeadersReferrerPolicy TraefikFrontendReferrerPolicy = Prefix + SuffixFrontendHeadersReferrerPolicy

1
provider/marathon/config.go
View file

@ -572,6 +572,7 @@ func getHeaders(application marathon.Application, serviceName string) *types.Hea
ContentSecurityPolicy: label.GetStringValue(labels, getLabelName(serviceName, label.SuffixFrontendHeadersContentSecurityPolicy), ""), ContentSecurityPolicy: label.GetStringValue(labels, getLabelName(serviceName, label.SuffixFrontendHeadersContentSecurityPolicy), ""),
PublicKey: label.GetStringValue(labels, getLabelName(serviceName, label.SuffixFrontendHeadersPublicKey), ""), PublicKey: label.GetStringValue(labels, getLabelName(serviceName, label.SuffixFrontendHeadersPublicKey), ""),
ReferrerPolicy: label.GetStringValue(labels, getLabelName(serviceName, label.SuffixFrontendHeadersReferrerPolicy), ""), ReferrerPolicy: label.GetStringValue(labels, getLabelName(serviceName, label.SuffixFrontendHeadersReferrerPolicy), ""),
CustomBrowserXSSValue: label.GetStringValue(labels, getLabelName(serviceName, label.SuffixFrontendHeadersCustomBrowserXSSValue), ""),
} }
if !headers.HasSecureHeadersDefined() && !headers.HasCustomHeadersDefined() { if !headers.HasSecureHeadersDefined() && !headers.HasCustomHeadersDefined() {

8
provider/marathon/config_test.go
View file

@ -218,6 +218,7 @@ func TestBuildConfigurationNonAPIErrors(t *testing.T) {
withLabel(label.TraefikFrontendContentSecurityPolicy, "foo"), withLabel(label.TraefikFrontendContentSecurityPolicy, "foo"),
withLabel(label.TraefikFrontendPublicKey, "foo"), withLabel(label.TraefikFrontendPublicKey, "foo"),
withLabel(label.TraefikFrontendReferrerPolicy, "foo"), withLabel(label.TraefikFrontendReferrerPolicy, "foo"),
withLabel(label.TraefikFrontendCustomBrowserXSSValue, "foo"),
withLabel(label.TraefikFrontendSTSSeconds, "666"), withLabel(label.TraefikFrontendSTSSeconds, "666"),
withLabel(label.TraefikFrontendSSLRedirect, "true"), withLabel(label.TraefikFrontendSSLRedirect, "true"),
withLabel(label.TraefikFrontendSSLTemporaryRedirect, "true"), withLabel(label.TraefikFrontendSSLTemporaryRedirect, "true"),
@ -304,6 +305,7 @@ func TestBuildConfigurationNonAPIErrors(t *testing.T) {
CustomFrameOptionsValue: "foo", CustomFrameOptionsValue: "foo",
ContentTypeNosniff: true, ContentTypeNosniff: true,
BrowserXSSFilter: true, BrowserXSSFilter: true,
CustomBrowserXSSValue: "foo",
ContentSecurityPolicy: "foo", ContentSecurityPolicy: "foo",
PublicKey: "foo", PublicKey: "foo",
ReferrerPolicy: "foo", ReferrerPolicy: "foo",
@ -540,6 +542,7 @@ func TestBuildConfigurationServicesNonAPIErrors(t *testing.T) {
withServiceLabel(label.TraefikFrontendContentSecurityPolicy, "foo", "containous"), withServiceLabel(label.TraefikFrontendContentSecurityPolicy, "foo", "containous"),
withServiceLabel(label.TraefikFrontendPublicKey, "foo", "containous"), withServiceLabel(label.TraefikFrontendPublicKey, "foo", "containous"),
withServiceLabel(label.TraefikFrontendReferrerPolicy, "foo", "containous"), withServiceLabel(label.TraefikFrontendReferrerPolicy, "foo", "containous"),
withServiceLabel(label.TraefikFrontendCustomBrowserXSSValue, "foo", "containous"),
withServiceLabel(label.TraefikFrontendSTSSeconds, "666", "containous"), withServiceLabel(label.TraefikFrontendSTSSeconds, "666", "containous"),
withServiceLabel(label.TraefikFrontendSSLRedirect, "true", "containous"), withServiceLabel(label.TraefikFrontendSSLRedirect, "true", "containous"),
withServiceLabel(label.TraefikFrontendSSLTemporaryRedirect, "true", "containous"), withServiceLabel(label.TraefikFrontendSSLTemporaryRedirect, "true", "containous"),
@ -625,6 +628,7 @@ func TestBuildConfigurationServicesNonAPIErrors(t *testing.T) {
CustomFrameOptionsValue: "foo", CustomFrameOptionsValue: "foo",
ContentTypeNosniff: true, ContentTypeNosniff: true,
BrowserXSSFilter: true, BrowserXSSFilter: true,
CustomBrowserXSSValue: "foo",
ContentSecurityPolicy: "foo", ContentSecurityPolicy: "foo",
PublicKey: "foo", PublicKey: "foo",
ReferrerPolicy: "foo", ReferrerPolicy: "foo",
@ -1963,6 +1967,7 @@ func TestGetHeaders(t *testing.T) {
withLabel(label.TraefikFrontendContentSecurityPolicy, "foo"), withLabel(label.TraefikFrontendContentSecurityPolicy, "foo"),
withLabel(label.TraefikFrontendPublicKey, "foo"), withLabel(label.TraefikFrontendPublicKey, "foo"),
withLabel(label.TraefikFrontendReferrerPolicy, "foo"), withLabel(label.TraefikFrontendReferrerPolicy, "foo"),
withLabel(label.TraefikFrontendCustomBrowserXSSValue, "foo"),
withLabel(label.TraefikFrontendSTSSeconds, "666"), withLabel(label.TraefikFrontendSTSSeconds, "666"),
withLabel(label.TraefikFrontendSSLRedirect, "true"), withLabel(label.TraefikFrontendSSLRedirect, "true"),
withLabel(label.TraefikFrontendSSLTemporaryRedirect, "true"), withLabel(label.TraefikFrontendSSLTemporaryRedirect, "true"),
@ -1994,6 +1999,7 @@ func TestGetHeaders(t *testing.T) {
ContentSecurityPolicy: "foo", ContentSecurityPolicy: "foo",
PublicKey: "foo", PublicKey: "foo",
ReferrerPolicy: "foo", ReferrerPolicy: "foo",
CustomBrowserXSSValue: "foo",
STSSeconds: 666, STSSeconds: 666,
SSLRedirect: true, SSLRedirect: true,
SSLTemporaryRedirect: true, SSLTemporaryRedirect: true,
@ -2021,6 +2027,7 @@ func TestGetHeaders(t *testing.T) {
withLabel(label.Prefix+"containous."+label.SuffixFrontendHeadersContentSecurityPolicy, "foo"), withLabel(label.Prefix+"containous."+label.SuffixFrontendHeadersContentSecurityPolicy, "foo"),
withLabel(label.Prefix+"containous."+label.SuffixFrontendHeadersPublicKey, "foo"), withLabel(label.Prefix+"containous."+label.SuffixFrontendHeadersPublicKey, "foo"),
withLabel(label.Prefix+"containous."+label.SuffixFrontendHeadersReferrerPolicy, "foo"), withLabel(label.Prefix+"containous."+label.SuffixFrontendHeadersReferrerPolicy, "foo"),
withLabel(label.Prefix+"containous."+label.SuffixFrontendHeadersCustomBrowserXSSValue, "foo"),
withLabel(label.Prefix+"containous."+label.SuffixFrontendHeadersSTSSeconds, "666"), withLabel(label.Prefix+"containous."+label.SuffixFrontendHeadersSTSSeconds, "666"),
withLabel(label.Prefix+"containous."+label.SuffixFrontendHeadersSSLRedirect, "true"), withLabel(label.Prefix+"containous."+label.SuffixFrontendHeadersSSLRedirect, "true"),
withLabel(label.Prefix+"containous."+label.SuffixFrontendHeadersSSLTemporaryRedirect, "true"), withLabel(label.Prefix+"containous."+label.SuffixFrontendHeadersSSLTemporaryRedirect, "true"),
@ -2053,6 +2060,7 @@ func TestGetHeaders(t *testing.T) {
ContentSecurityPolicy: "foo", ContentSecurityPolicy: "foo",
PublicKey: "foo", PublicKey: "foo",
ReferrerPolicy: "foo", ReferrerPolicy: "foo",
CustomBrowserXSSValue: "foo",
STSSeconds: 666, STSSeconds: 666,
SSLRedirect: true, SSLRedirect: true,
SSLTemporaryRedirect: true, SSLTemporaryRedirect: true,

1
provider/mesos/config.go
View file

@ -405,6 +405,7 @@ func getHeaders(task state.Task) *types.Headers {
ContentSecurityPolicy: label.GetStringValue(labels, label.TraefikFrontendContentSecurityPolicy, ""), ContentSecurityPolicy: label.GetStringValue(labels, label.TraefikFrontendContentSecurityPolicy, ""),
PublicKey: label.GetStringValue(labels, label.TraefikFrontendPublicKey, ""), PublicKey: label.GetStringValue(labels, label.TraefikFrontendPublicKey, ""),
ReferrerPolicy: label.GetStringValue(labels, label.TraefikFrontendReferrerPolicy, ""), ReferrerPolicy: label.GetStringValue(labels, label.TraefikFrontendReferrerPolicy, ""),
CustomBrowserXSSValue: label.GetStringValue(labels, label.TraefikFrontendCustomBrowserXSSValue, ""),
} }
if !headers.HasSecureHeadersDefined() && !headers.HasCustomHeadersDefined() { if !headers.HasSecureHeadersDefined() && !headers.HasCustomHeadersDefined() {

4
provider/mesos/config_test.go
View file

@ -160,6 +160,7 @@ func TestBuildConfiguration(t *testing.T) {
withLabel(label.TraefikFrontendContentSecurityPolicy, "foo"), withLabel(label.TraefikFrontendContentSecurityPolicy, "foo"),
withLabel(label.TraefikFrontendPublicKey, "foo"), withLabel(label.TraefikFrontendPublicKey, "foo"),
withLabel(label.TraefikFrontendReferrerPolicy, "foo"), withLabel(label.TraefikFrontendReferrerPolicy, "foo"),
withLabel(label.TraefikFrontendCustomBrowserXSSValue, "foo"),
withLabel(label.TraefikFrontendSTSSeconds, "666"), withLabel(label.TraefikFrontendSTSSeconds, "666"),
withLabel(label.TraefikFrontendSSLRedirect, "true"), withLabel(label.TraefikFrontendSSLRedirect, "true"),
withLabel(label.TraefikFrontendSSLTemporaryRedirect, "true"), withLabel(label.TraefikFrontendSSLTemporaryRedirect, "true"),
@ -248,6 +249,7 @@ func TestBuildConfiguration(t *testing.T) {
CustomFrameOptionsValue: "foo", CustomFrameOptionsValue: "foo",
ContentTypeNosniff: true, ContentTypeNosniff: true,
BrowserXSSFilter: true, BrowserXSSFilter: true,
CustomBrowserXSSValue: "foo",
ContentSecurityPolicy: "foo", ContentSecurityPolicy: "foo",
PublicKey: "foo", PublicKey: "foo",
ReferrerPolicy: "foo", ReferrerPolicy: "foo",
@ -1213,6 +1215,7 @@ func TestGetHeaders(t *testing.T) {
withLabel(label.TraefikFrontendContentSecurityPolicy, "foo"), withLabel(label.TraefikFrontendContentSecurityPolicy, "foo"),
withLabel(label.TraefikFrontendPublicKey, "foo"), withLabel(label.TraefikFrontendPublicKey, "foo"),
withLabel(label.TraefikFrontendReferrerPolicy, "foo"), withLabel(label.TraefikFrontendReferrerPolicy, "foo"),
withLabel(label.TraefikFrontendCustomBrowserXSSValue, "foo"),
withLabel(label.TraefikFrontendSTSSeconds, "666"), withLabel(label.TraefikFrontendSTSSeconds, "666"),
withLabel(label.TraefikFrontendSSLRedirect, "true"), withLabel(label.TraefikFrontendSSLRedirect, "true"),
withLabel(label.TraefikFrontendSSLTemporaryRedirect, "true"), withLabel(label.TraefikFrontendSSLTemporaryRedirect, "true"),
@ -1247,6 +1250,7 @@ func TestGetHeaders(t *testing.T) {
ContentSecurityPolicy: "foo", ContentSecurityPolicy: "foo",
PublicKey: "foo", PublicKey: "foo",
ReferrerPolicy: "foo", ReferrerPolicy: "foo",
CustomBrowserXSSValue: "foo",
STSSeconds: 666, STSSeconds: 666,
SSLRedirect: true, SSLRedirect: true,
SSLTemporaryRedirect: true, SSLTemporaryRedirect: true,

1
provider/rancher/config.go
View file

@ -336,6 +336,7 @@ func getHeaders(service rancherData) *types.Headers {
ContentSecurityPolicy: label.GetStringValue(service.Labels, label.TraefikFrontendContentSecurityPolicy, ""), ContentSecurityPolicy: label.GetStringValue(service.Labels, label.TraefikFrontendContentSecurityPolicy, ""),
PublicKey: label.GetStringValue(service.Labels, label.TraefikFrontendPublicKey, ""), PublicKey: label.GetStringValue(service.Labels, label.TraefikFrontendPublicKey, ""),
ReferrerPolicy: label.GetStringValue(service.Labels, label.TraefikFrontendReferrerPolicy, ""), ReferrerPolicy: label.GetStringValue(service.Labels, label.TraefikFrontendReferrerPolicy, ""),
CustomBrowserXSSValue: label.GetStringValue(service.Labels, label.TraefikFrontendCustomBrowserXSSValue, ""),
} }
if !headers.HasSecureHeadersDefined() && !headers.HasCustomHeadersDefined() { if !headers.HasSecureHeadersDefined() && !headers.HasCustomHeadersDefined() {

4
provider/rancher/config_test.go
View file

@ -78,6 +78,7 @@ func TestProviderBuildConfiguration(t *testing.T) {
label.TraefikFrontendContentSecurityPolicy: "foo", label.TraefikFrontendContentSecurityPolicy: "foo",
label.TraefikFrontendPublicKey: "foo", label.TraefikFrontendPublicKey: "foo",
label.TraefikFrontendReferrerPolicy: "foo", label.TraefikFrontendReferrerPolicy: "foo",
label.TraefikFrontendCustomBrowserXSSValue: "foo",
label.TraefikFrontendSTSSeconds: "666", label.TraefikFrontendSTSSeconds: "666",
label.TraefikFrontendSSLRedirect: "true", label.TraefikFrontendSSLRedirect: "true",
label.TraefikFrontendSSLTemporaryRedirect: "true", label.TraefikFrontendSSLTemporaryRedirect: "true",
@ -164,6 +165,7 @@ func TestProviderBuildConfiguration(t *testing.T) {
CustomFrameOptionsValue: "foo", CustomFrameOptionsValue: "foo",
ContentTypeNosniff: true, ContentTypeNosniff: true,
BrowserXSSFilter: true, BrowserXSSFilter: true,
CustomBrowserXSSValue: "foo",
ContentSecurityPolicy: "foo", ContentSecurityPolicy: "foo",
PublicKey: "foo", PublicKey: "foo",
ReferrerPolicy: "foo", ReferrerPolicy: "foo",
@ -1209,6 +1211,7 @@ func TestGetHeaders(t *testing.T) {
label.TraefikFrontendContentSecurityPolicy: "foo", label.TraefikFrontendContentSecurityPolicy: "foo",
label.TraefikFrontendPublicKey: "foo", label.TraefikFrontendPublicKey: "foo",
label.TraefikFrontendReferrerPolicy: "foo", label.TraefikFrontendReferrerPolicy: "foo",
label.TraefikFrontendCustomBrowserXSSValue: "foo",
label.TraefikFrontendSTSSeconds: "666", label.TraefikFrontendSTSSeconds: "666",
label.TraefikFrontendSSLRedirect: "true", label.TraefikFrontendSSLRedirect: "true",
label.TraefikFrontendSSLTemporaryRedirect: "true", label.TraefikFrontendSSLTemporaryRedirect: "true",
@ -1243,6 +1246,7 @@ func TestGetHeaders(t *testing.T) {
ContentSecurityPolicy: "foo", ContentSecurityPolicy: "foo",
PublicKey: "foo", PublicKey: "foo",
ReferrerPolicy: "foo", ReferrerPolicy: "foo",
CustomBrowserXSSValue: "foo",
STSSeconds: 666, STSSeconds: 666,
SSLRedirect: true, SSLRedirect: true,
SSLTemporaryRedirect: true, SSLTemporaryRedirect: true,

1
templates/consul_catalog.tmpl
View file

@ -127,6 +127,7 @@
CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}" CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}"
ContentTypeNosniff = {{ $headers.ContentTypeNosniff }} ContentTypeNosniff = {{ $headers.ContentTypeNosniff }}
BrowserXSSFilter = {{ $headers.BrowserXSSFilter }} BrowserXSSFilter = {{ $headers.BrowserXSSFilter }}
CustomBrowserXSSValue = "{{ $headers.CustomBrowserXSSValue }}"
ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}" ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}"
PublicKey = "{{ $headers.PublicKey }}" PublicKey = "{{ $headers.PublicKey }}"
ReferrerPolicy = "{{ $headers.ReferrerPolicy }}" ReferrerPolicy = "{{ $headers.ReferrerPolicy }}"

2
templates/docker.tmpl
View file

@ -142,6 +142,7 @@
CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}" CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}"
ContentTypeNosniff = {{ $headers.ContentTypeNosniff }} ContentTypeNosniff = {{ $headers.ContentTypeNosniff }}
BrowserXSSFilter = {{ $headers.BrowserXSSFilter }} BrowserXSSFilter = {{ $headers.BrowserXSSFilter }}
CustomBrowserXSSValue = "{{ $headers.CustomBrowserXSSValue }}"
ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}" ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}"
PublicKey = "{{ $headers.PublicKey }}" PublicKey = "{{ $headers.PublicKey }}"
ReferrerPolicy = "{{ $headers.ReferrerPolicy }}" ReferrerPolicy = "{{ $headers.ReferrerPolicy }}"
@ -258,6 +259,7 @@
CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}" CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}"
ContentTypeNosniff = {{ $headers.ContentTypeNosniff }} ContentTypeNosniff = {{ $headers.ContentTypeNosniff }}
BrowserXSSFilter = {{ $headers.BrowserXSSFilter }} BrowserXSSFilter = {{ $headers.BrowserXSSFilter }}
CustomBrowserXSSValue = "{{ $headers.CustomBrowserXSSValue }}"
ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}" ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}"
PublicKey = "{{ $headers.PublicKey }}" PublicKey = "{{ $headers.PublicKey }}"
ReferrerPolicy = "{{ $headers.ReferrerPolicy }}" ReferrerPolicy = "{{ $headers.ReferrerPolicy }}"

1
templates/ecs.tmpl
View file

@ -127,6 +127,7 @@
CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}" CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}"
ContentTypeNosniff = {{ $headers.ContentTypeNosniff }} ContentTypeNosniff = {{ $headers.ContentTypeNosniff }}
BrowserXSSFilter = {{ $headers.BrowserXSSFilter }} BrowserXSSFilter = {{ $headers.BrowserXSSFilter }}
CustomBrowserXSSValue = "{{ $headers.CustomBrowserXSSValue }}"
ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}" ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}"
PublicKey = "{{ $headers.PublicKey }}" PublicKey = "{{ $headers.PublicKey }}"
ReferrerPolicy = "{{ $headers.ReferrerPolicy }}" ReferrerPolicy = "{{ $headers.ReferrerPolicy }}"

1
templates/kubernetes.tmpl
View file

@ -104,6 +104,7 @@
CustomFrameOptionsValue = "{{ $frontend.Headers.CustomFrameOptionsValue }}" CustomFrameOptionsValue = "{{ $frontend.Headers.CustomFrameOptionsValue }}"
ContentTypeNosniff = {{ $frontend.Headers.ContentTypeNosniff }} ContentTypeNosniff = {{ $frontend.Headers.ContentTypeNosniff }}
BrowserXSSFilter = {{ $frontend.Headers.BrowserXSSFilter }} BrowserXSSFilter = {{ $frontend.Headers.BrowserXSSFilter }}
CustomBrowserXSSValue = "{{ $frontend.Headers.CustomBrowserXSSValue }}"
ContentSecurityPolicy = "{{ $frontend.Headers.ContentSecurityPolicy }}" ContentSecurityPolicy = "{{ $frontend.Headers.ContentSecurityPolicy }}"
PublicKey = "{{ $frontend.Headers.PublicKey }}" PublicKey = "{{ $frontend.Headers.PublicKey }}"
ReferrerPolicy = "{{ $frontend.Headers.ReferrerPolicy }}" ReferrerPolicy = "{{ $frontend.Headers.ReferrerPolicy }}"

1
templates/kv.tmpl
View file

@ -126,6 +126,7 @@
CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}" CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}"
ContentTypeNosniff = {{ $headers.ContentTypeNosniff }} ContentTypeNosniff = {{ $headers.ContentTypeNosniff }}
BrowserXSSFilter = {{ $headers.BrowserXSSFilter }} BrowserXSSFilter = {{ $headers.BrowserXSSFilter }}
CustomBrowserXSSValue = "{{ $headers.CustomBrowserXSSValue }}"
ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}" ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}"
PublicKey = "{{ $headers.PublicKey }}" PublicKey = "{{ $headers.PublicKey }}"
ReferrerPolicy = "{{ $headers.ReferrerPolicy }}" ReferrerPolicy = "{{ $headers.ReferrerPolicy }}"

1
templates/marathon.tmpl
View file

@ -133,6 +133,7 @@
CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}" CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}"
ContentTypeNosniff = {{ $headers.ContentTypeNosniff }} ContentTypeNosniff = {{ $headers.ContentTypeNosniff }}
BrowserXSSFilter = {{ $headers.BrowserXSSFilter }} BrowserXSSFilter = {{ $headers.BrowserXSSFilter }}
CustomBrowserXSSValue = "{{ $headers.CustomBrowserXSSValue }}"
ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}" ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}"
PublicKey = "{{ $headers.PublicKey }}" PublicKey = "{{ $headers.PublicKey }}"
ReferrerPolicy = "{{ $headers.ReferrerPolicy }}" ReferrerPolicy = "{{ $headers.ReferrerPolicy }}"

1
templates/mesos.tmpl
View file

@ -129,6 +129,7 @@
CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}" CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}"
ContentTypeNosniff = {{ $headers.ContentTypeNosniff }} ContentTypeNosniff = {{ $headers.ContentTypeNosniff }}
BrowserXSSFilter = {{ $headers.BrowserXSSFilter }} BrowserXSSFilter = {{ $headers.BrowserXSSFilter }}
CustomBrowserXSSValue = "{{ $headers.CustomBrowserXSSValue }}"
ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}" ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}"
PublicKey = "{{ $headers.PublicKey }}" PublicKey = "{{ $headers.PublicKey }}"
ReferrerPolicy = "{{ $headers.ReferrerPolicy }}" ReferrerPolicy = "{{ $headers.ReferrerPolicy }}"

1
templates/rancher.tmpl
View file

@ -127,6 +127,7 @@
CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}" CustomFrameOptionsValue = "{{ $headers.CustomFrameOptionsValue }}"
ContentTypeNosniff = {{ $headers.ContentTypeNosniff }} ContentTypeNosniff = {{ $headers.ContentTypeNosniff }}
BrowserXSSFilter = {{ $headers.BrowserXSSFilter }} BrowserXSSFilter = {{ $headers.BrowserXSSFilter }}
CustomBrowserXSSValue = "{{ $headers.CustomBrowserXSSValue }}"
ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}" ContentSecurityPolicy = "{{ $headers.ContentSecurityPolicy }}"
PublicKey = "{{ $headers.PublicKey }}" PublicKey = "{{ $headers.PublicKey }}"
ReferrerPolicy = "{{ $headers.ReferrerPolicy }}" ReferrerPolicy = "{{ $headers.ReferrerPolicy }}"

2
types/types.go
View file

@ -127,6 +127,7 @@ type Headers struct {
CustomFrameOptionsValue string `json:"customFrameOptionsValue,omitempty"` CustomFrameOptionsValue string `json:"customFrameOptionsValue,omitempty"`
ContentTypeNosniff bool `json:"contentTypeNosniff,omitempty"` ContentTypeNosniff bool `json:"contentTypeNosniff,omitempty"`
BrowserXSSFilter bool `json:"browserXssFilter,omitempty"` BrowserXSSFilter bool `json:"browserXssFilter,omitempty"`
CustomBrowserXSSValue string `json:"customBrowserXSSValue,omitempty"`
ContentSecurityPolicy string `json:"contentSecurityPolicy,omitempty"` ContentSecurityPolicy string `json:"contentSecurityPolicy,omitempty"`
PublicKey string `json:"publicKey,omitempty"` PublicKey string `json:"publicKey,omitempty"`
ReferrerPolicy string `json:"referrerPolicy,omitempty"` ReferrerPolicy string `json:"referrerPolicy,omitempty"`
@ -155,6 +156,7 @@ func (h *Headers) HasSecureHeadersDefined() bool {
h.CustomFrameOptionsValue != "" || h.CustomFrameOptionsValue != "" ||
h.ContentTypeNosniff || h.ContentTypeNosniff ||
h.BrowserXSSFilter || h.BrowserXSSFilter ||
h.CustomBrowserXSSValue != "" ||
h.ContentSecurityPolicy != "" || h.ContentSecurityPolicy != "" ||
h.PublicKey != "" || h.PublicKey != "" ||
h.ReferrerPolicy != "" || h.ReferrerPolicy != "" ||