Secure Middleware (#37)

adding secure middleware to enforce security headers; most
of the options can be configured via env variables

adding prefix for mcs env variables

adding http redirect to https, adding csp report only, etc

solving conflicts

passing tls port configured by cli to secure middleware

update go.sum

adding default port, tlsport, host and tlshostname

fix tlsport bug
This commit is contained in:
Lenin Alevski
2020-04-06 13:24:15 -07:00
committed by GitHub
parent 9a2b10476c
commit 3a96e6d7e7
9 changed files with 272 additions and 13 deletions


@@ -35,6 +35,7 @@ import (
"github.com/go-openapi/errors"
"github.com/go-openapi/runtime"
"github.com/minio/mcs/restapi/operations"
"github.com/unrolled/secure"
)
//go:generate swagger generate server --target ../../mcs --name Mcs --spec ../swagger.yml
@@ -122,7 +123,34 @@ func setupMiddlewares(handler http.Handler) http.Handler {
func setupGlobalMiddleware(handler http.Handler) http.Handler {
// serve static files
next := FileServerMiddleware(handler)
return next
// Secure middleware, this middleware wrap all the previous handlers and add
// HTTP security headers
secureOptions := secure.Options{
AllowedHosts: getSecureAllowedHosts(),
AllowedHostsAreRegex: getSecureAllowedHostsAreRegex(),
HostsProxyHeaders: getSecureHostsProxyHeaders(),
SSLRedirect: getSSLRedirect(),
SSLHost: getSecureSSLHost(),
STSSeconds: getSecureSTSSeconds(),
STSIncludeSubdomains: getSecureSTSIncludeSubdomains(),
STSPreload: getSecureSTSPreload(),
SSLTemporaryRedirect: getSecureSSLTemporaryRedirect(),
SSLHostFunc: nil,
ForceSTSHeader: getSecureForceSTSHeader(),
FrameDeny: getSecureFrameDeny(),
ContentTypeNosniff: getSecureContentTypeNonSniff(),
BrowserXssFilter: getSecureBrowserXssFilter(),
ContentSecurityPolicy: getSecureContentSecurityPolicy(),
ContentSecurityPolicyReportOnly: getSecureContentSecurityPolicyReportOnly(),
PublicKey: getSecurePublicKey(),
ReferrerPolicy: getSecureReferrerPolicy(),
FeaturePolicy: getSecureFeaturePolicy(),
ExpectCTHeader: getSecureExpectCTHeader(),
IsDevelopment: !getProductionMode(),
}
secureMiddleware := secure.New(secureOptions)
app := secureMiddleware.Handler(next)
return app
}
// FileServerMiddleware serves files from the static folder
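Review bot: `IsDevelopment: !getProductionMode()` silently disables the AllowedHosts, SSLRedirect and STS settings in this options block whenever production mode is not enabled, because the secure package ignores those options in development mode; if getProductionMode falls back to false when its env variable is unset (its definition is outside this hunk), a deployment that forgets to set it runs without host validation, HTTPS redirect or HSTS and nothing in the code says so. I would document that coupling on the field, `// IsDevelopment disables AllowedHosts, SSLRedirect and the STS options; production mode must be set explicitly for them to take effect`, and log the effective mode at startup so an operator can confirm which headers are actually being enforced. Separately, `PublicKey` configures HPKP (Public-Key-Pins), which browsers have since dropped and which can lock users out if the pinned keys rotate, so a comment noting it should stay empty unless the operator understands that risk would help. `BrowserXssFilter` emits X-XSS-Protection, which current browsers ignore and which is generally recommended to be left off; harmless here, but worth a note so it is not mistaken for real XSS mitigation.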