mirror of https://github.com/willnorris/imageproxy.git synced 2024-12-16 21:56:43 -05:00

Add X-XSS-Protection HTTP response header to block potential XSS

Yassine ABOUKIR 2021-01-22 19:05:12 +01:00 committed by Will Norris
parent dd798db002
commit 2203979b9c


@ -257,6 +257,9 @@ func (p *Proxy) serveImage(w http.ResponseWriter, r *http.Request) {
// Disable Content-Type sniffing
w.Header().Set("X-Content-Type-Options", "nosniff")
// Block potential XSS attacks especially in legacy browsers which do not support CSP
w.Header().Set("X-XSS-Protection", "1; mode=block")
w.WriteHeader(resp.StatusCode)
if _, err := io.Copy(w, resp.Body); err != nil {
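Review bot: The value `1; mode=block` on the added `X-XSS-Protection` line switches on the browser's legacy XSS auditor, which is a weak mitigation. Current Chrome and Edge have removed that filter and Firefox never implemented it, while in the older browsers that still honour it the auditor's blocking behaviour has itself been used as a cross-site information-leak side channel. Current guidance (OWASP Secure Headers, MDN) is to disable it explicitly with `w.Header().Set("X-XSS-Protection", "0")` and rely on the existing `nosniff` header plus a restrictive `Content-Security-Policy`. If `serveImage` does not already set a CSP above this hunk, that header is the control worth adding here. The comment would then read `// Disable the legacy XSS auditor; script execution is restricted by CSP instead`. The body of `serveImage` starts before and continues after the lines shown.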