Diffstat (limited to 'include/security_headers_middleware.hpp')
-rw-r--r-- | include/security_headers_middleware.hpp | 49 |
1 files changed, 24 insertions, 25 deletions
diff --git a/include/security_headers_middleware.hpp b/include/security_headers_middleware.hpp
index 19369f9711..f7bc478d97 100644
--- a/include/security_headers_middleware.hpp
+++ b/include/security_headers_middleware.hpp
@@ -4,47 +4,46 @@ #include <crow/http_response.h> namespace crow { -static const char* strict_transport_security_key = "Strict-Transport-Security"; -static const char* strict_transport_security_value = +static const char* strictTransportSecurityKey = "Strict-Transport-Security"; +static const char* strictTransportSecurityValue = "max-age=31536000; includeSubdomains; preload"; -static const char* ua_compatability_key = "X-UA-Compatible"; -static const char* ua_compatability_value = "IE=11"; +static const char* uaCompatabilityKey = "X-UA-Compatible"; +static const char* uaCompatabilityValue = "IE=11"; -static const char* xframe_key = "X-Frame-Options"; -static const char* xframe_value = "DENY"; +static const char* xframeKey = "X-Frame-Options"; +static const char* xframeValue = "DENY"; -static const char* xss_key = "X-XSS-Protection"; -static const char* xss_value = "1; mode=block"; +static const char* xssKey = "X-XSS-Protection"; +static const char* xssValue = "1; mode=block"; -static const char* content_security_key = "X-Content-Security-Policy"; -static const char* content_security_value = "default-src 'self'"; +static const char* contentSecurityKey = "X-Content-Security-Policy"; +static const char* contentSecurityValue = "default-src 'self'"; -static const char* pragma_key = "Pragma"; -static const char* pragma_value = "no-cache"; +static const char* pragmaKey = "Pragma"; +static const char* pragmaValue = "no-cache"; -static const char* cache_control_key = "Cache-Control"; -static const char* cache_control_value = "no-Store,no-Cache"; +static const char* cacheControlKey = "Cache-Control"; +static const char* cacheControlValue = "no-Store,no-Cache"; struct SecurityHeadersMiddleware { - struct context {}; + struct Context {}; - void before_handle(crow::request& req, response& res, context& ctx) {} + void beforeHandle(crow::Request& req, Response& res, Context& ctx) {} - void after_handle(request& req, response& res, context& ctx) { + void afterHandle(Request& req, 
Response& res, Context& ctx) { /* TODO(ed) these should really check content types. for example, X-UA-Compatible header doesn't make sense when retrieving a JSON or javascript file. It doesn't hurt anything, it's just ugly. */ - res.add_header(strict_transport_security_key, - strict_transport_security_value); - res.add_header(ua_compatability_key, ua_compatability_value); - res.add_header(xframe_key, xframe_value); - res.add_header(xss_key, xss_value); - res.add_header(content_security_key, content_security_value); - res.add_header(pragma_key, pragma_value); - res.add_header(cache_control_key, cache_control_value); + res.addHeader(strictTransportSecurityKey, strictTransportSecurityValue); + res.addHeader(uaCompatabilityKey, uaCompatabilityValue); + res.addHeader(xframeKey, xframeValue); + res.addHeader(xssKey, xssValue); + res.addHeader(contentSecurityKey, contentSecurityValue); + res.addHeader(pragmaKey, pragmaValue); + res.addHeader(cacheControlKey, cacheControlValue); } }; } // namespace crow |
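Review bot: The renamed `contentSecurityKey` still sends the policy under the legacy prefixed name `X-Content-Security-Policy`, which current browsers do not enforce, so `default-src 'self'` is most likely ignored by the clients that matter. The standard name would be `static const char* contentSecurityKey = "Content-Security-Policy";`. This matters more because `X-XSS-Protection` (`xssKey`) is no longer honoured by current browsers, so a working CSP is the remaining script-injection control in this set. As a style point, these header-scope `static const char*` pointers are themselves mutable and duplicated per translation unit; `static constexpr const char*` would state the intent.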