feat: add coep, corp, x-dns-prefetch-control, x-permitted-cross-domain-policies #102

Merged
merged 5 commits into from
Oct 22, 2024

reversearrow
Contributor

No description provided.

Owner

@unrolled unrolled left a comment

Thanks for the PR! I left a couple of comments.

@@ -84,7 +84,10 @@ s := secure.New(secure.Options{
FeaturePolicy: "vibrate 'none';", // Deprecated: this header has been renamed to PermissionsPolicy. FeaturePolicy allows the Feature-Policy header with the value to be set with a custom value. Default is "".
PermissionsPolicy: "fullscreen=(), geolocation=()", // PermissionsPolicy allows the Permissions-Policy header with the value to be set with a custom value. Default is "".
CrossOriginOpenerPolicy: "same-origin", // CrossOriginOpenerPolicy allows the Cross-Origin-Opener-Policy header with the value to be set with a custom value. Default is "".

CrossOriginEmbedderPolicy: "require-corp", // CrossOriginEmbedderPolicy allows the Cross-Origin-Embedder-Policy header with the value to be set with a custom value. Default is "".
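
Review bot: The comment on the CrossOriginEmbedderPolicy line repeats the boilerplate wording ("allows the ... header with the value to be set with a custom value") without saying what the sample value does. With "require-corp", cross-origin subresources that do not opt in through CORP or CORS are blocked, so a reader who copies this README block verbatim can break third-party embeds. Say so in the comment, and consider tightening the wording to "sets the Cross-Origin-Embedder-Policy header to the given value. Default is ""."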
Owner

These need to be added to the defaults section below

Contributor Author

Thank you for the review. Addressed it here c4f1c0a.

secure.go Outdated
}

// X-DNS-Prefetch-Control header.
if s.opt.XDNSPrefetchControl {
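
Review bot: The condition "if s.opt.XDNSPrefetchControl {" tests the option as a bool, which has no unset state, so a zero-value Options cannot be told apart from an explicit choice even though the header itself takes two values (on and off). The other header options shown in the README are strings whose default is "", so make this one a string as well and emit the header only when len(s.opt.XDNSPrefetchControl) > 0.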
Owner

Currently, with the logic below, everyone using this library will be setting the X-DNS-Prefetch-Control header to off, which we will want to avoid. This should be an opt-in header with a length check like the others.

Contributor Author

Thank you for the review, addressed it here 60e3ee8 and 9f6ab01. Let me know what you think.
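
The difference between a bool-gated header and the opt-in length check requested in the review above, as an added example that is not code from this PR or from the library. The Options struct, its field names and the functions boolGated, optIn and headersFor are hypothetical, and boolGated is a constructed stand-in for the pattern the review describes.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Options is a hypothetical, cut-down options struct for this example only.
type Options struct {
	PrefetchEnabled     bool   // bool-gated variant: no way to say "unset"
	XDNSPrefetchControl string // opt-in variant: "" means "do not send"
}

// boolGated is a constructed stand-in for the pattern the review objects to:
// a zero-value Options still emits the header, with the value "off".
func boolGated(o Options, h http.Header) {
	if o.PrefetchEnabled {
		h.Set("X-DNS-Prefetch-Control", "on")
	} else {
		h.Set("X-DNS-Prefetch-Control", "off")
	}
}

// optIn sets the header only when the caller supplied a value.
func optIn(o Options, h http.Header) {
	if len(o.XDNSPrefetchControl) > 0 {
		h.Set("X-DNS-Prefetch-Control", o.XDNSPrefetchControl)
	}
}

// headersFor runs one variant in front of a no-op handler and returns the
// response headers a client would receive.
func headersFor(apply func(Options, http.Header), o Options) http.Header {
	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		apply(o, w.Header())
		w.WriteHeader(http.StatusOK)
	})
	rec := httptest.NewRecorder()
	handler.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, "/", nil))
	return rec.Result().Header
}

func main() {
	zero := Options{} // what an existing caller passes after upgrading
	fmt.Printf("bool-gated, zero options: %q\n", headersFor(boolGated, zero).Get("X-DNS-Prefetch-Control"))
	fmt.Printf("opt-in, zero options:     %q\n", headersFor(optIn, zero).Get("X-DNS-Prefetch-Control"))
	fmt.Printf("opt-in, explicit off:     %q\n", headersFor(optIn, Options{XDNSPrefetchControl: "off"}).Get("X-DNS-Prefetch-Control"))
}
```

A regression test along these lines, asserting that a zero-value configuration emits no new header, catches this class of change before it reaches existing users.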

@unrolled unrolled merged commit c88f919 into unrolled:v1 Oct 22, 2024
7 checks passed
@reversearrow reversearrow deleted the feat/add_more_headers branch October 24, 2024 14:43