vapor / http

🚀 Non-blocking, event-driven HTTP built on Swift NIO.
MIT License

add Header for CSP, XSS and Content Type Options #338

Closed satishbabariya closed 5 years ago

satishbabariya commented 5 years ago

Added three HTTPHeaderName values for Secure Middleware:

  1. "Content-Security-Policy"
  2. "X-XSS-Protection"
  3. "X-Content-Type-Options"

grundoon commented 5 years ago

X-Content-Type-Options is now a member of the official IANA "Permanent Message Header Field Names" grouping, so can maybe stay where it is (if desired) and just needs to be alphabetized?

I do like the idea of one or more separate grouping section(s) for W3C, MDN and other not-yet-IANA-recognized useful headers.

satishbabariya commented 5 years ago

Or divide all headers with `// MARK: Security` and IANA/MDN links with the description. Sections will be like this: Authentication, Caching, Conditionals, and so on. Ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers#Authentication

tanner0101 commented 5 years ago

> I do like the idea of one or more separate grouping section(s) for W3C, MDN and other not-yet-IANA-recognized useful headers.

> Sections will be like this Authentication, Caching, Conditionals

Big +1 to more organization here. Maybe we should open this as a separate issue / PR? I don't want to hold up @satishbabariya's other PR https://github.com/vapor/vapor/pull/1921.

satishbabariya commented 5 years ago

@tanner0101 Yes

penny-coin commented 5 years ago

Hey @satishbabariya, you just merged a pull request, have a coin!

You now have 1 coins.