diff options
-rw-r--r-- | plugins/mod_http_file_share.lua | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/plugins/mod_http_file_share.lua b/plugins/mod_http_file_share.lua index 4daf38a9..c2aa4301 100644 --- a/plugins/mod_http_file_share.lua +++ b/plugins/mod_http_file_share.lua @@ -248,10 +248,12 @@ function handle_download(event, path) -- GET /uploads/:slot+filename response.headers.cache_control = "max-age=31556952, immutable"; response.headers.content_security_policy = "default-src 'none'; frame-ancestors 'none';" + response.headers.strict_transport_security = "max-age=31556952"; + response.headers.x_content_type_options = "nosniff"; + response.headers.x_frame_options = "DENY"; -- replaced by frame-ancestors in CSP? + response.headers.x_xss_protection = "1; mode=block"; return response:send_file(handle); - -- TODO - -- Set security headers end -- TODO periodic cleanup job |