CrowdHailer / raxx

Interface for HTTP webservers, frameworks and clients
https://hexdocs.pm/raxx
Apache License 2.0

add middleware for secure browser headers #82

Closed CrowdHailer closed 6 years ago

CrowdHailer commented 6 years ago

Same as phoenix behaviour. https://github.com/phoenixframework/phoenix/blob/d02621e106a9420167e7152f88f0cc4ab57a7785/lib/phoenix/controller.ex#L975-L990

Note the headers are simply default values

```elixir
use Raxx.SecureBrowserHeaders
# OR
use Raxx.DefaultHeaders, [
  {"x-frame-options", "SAMEORIGIN"},
  {"x-xss-protection", "1; mode=block"},
  {"x-content-type-options", "nosniff"}
]
```

QUESTION: should this live as its own package or part of a Raxx.Browser pack?
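The "default values" behaviour noted in the comment above, as an added example that is not code from Raxx or from this issue: a default is applied only when the response does not already carry that header. The module name `DefaultHeadersExample`, the function `put_defaults/2` and the representation of headers as a list of `{name, value}` tuples are assumptions made for illustration.

```elixir
defmodule DefaultHeadersExample do
  # Hypothetical helper, not part of Raxx: headers are {name, value} tuples.
  @secure_defaults [
    {"x-frame-options", "SAMEORIGIN"},
    {"x-xss-protection", "1; mode=block"},
    {"x-content-type-options", "nosniff"}
  ]

  def secure_defaults, do: @secure_defaults

  # Append each default only when the response has no header of that name.
  # Names are compared case-insensitively, as HTTP header names are, so a
  # handler that sets "X-Frame-Options" is not given a second, conflicting one.
  def put_defaults(headers, defaults \\ @secure_defaults) do
    present = MapSet.new(headers, fn {name, _value} -> String.downcase(name) end)

    missing =
      Enum.reject(defaults, fn {name, _value} ->
        MapSet.member?(present, String.downcase(name))
      end)

    headers ++ missing
  end
end

# Constructed sample response headers: the handler already chose DENY.
response_headers = [{"content-type", "text/html"}, {"X-Frame-Options", "DENY"}]

response_headers
|> DefaultHeadersExample.put_defaults()
|> Enum.each(fn {name, value} -> IO.puts("#{name}: #{value}") end)
```

The handler's stricter `DENY` is kept as set, and only the two headers it did not set are added from the defaults.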

CrowdHailer commented 6 years ago

https://github.com/CrowdHailer/raxx/commit/a6e33f5dbd9b9344753b43c5d4eb4cbf838bdddf