mirror of
https://github.com/bjdgyc/anylink.git
synced 2025-08-08 15:18:31 +08:00
添加安全的header头
This commit is contained in:
bjdgyc
@@ -49,7 +49,7 @@ func LinkAuth(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
// fmt.Printf("%+v \n", cr)
|
||||
setCommonHeader(w)
|
||||
// setCommonHeader(w)
|
||||
if cr.Type == "logout" {
|
||||
// 退出删除session信息
|
||||
if cr.SessionToken != "" {
|
||||
|
||||
@@ -3,7 +3,6 @@ package handler
|
||||
import (
|
||||
"encoding/xml"
|
||||
"log"
|
||||
"net/http"
|
||||
"os/exec"
|
||||
)
|
||||
|
||||
@@ -42,28 +41,6 @@ type macAddressList struct {
|
||||
MacAddress string `xml:"mac-address"`
|
||||
}
|
||||
|
||||
func setCommonHeader(w http.ResponseWriter) {
|
||||
// Content-Length Date 默认已经存在
|
||||
w.Header().Set("Server", "AnyLinkOpenSource")
|
||||
w.Header().Set("Content-Type", "text/html; charset=utf-8")
|
||||
w.Header().Set("Cache-Control", "no-store,no-cache")
|
||||
w.Header().Set("Pragma", "no-cache")
|
||||
w.Header().Set("Transfer-Encoding", "chunked")
|
||||
w.Header().Set("Connection", "keep-alive")
|
||||
w.Header().Set("X-Frame-Options", "deny")
|
||||
w.Header().Set("X-Content-Type-Options", "nosniff")
|
||||
w.Header().Set("Content-Security-Policy", "default-src 'none'")
|
||||
w.Header().Set("X-Permitted-Cross-Domain-Policies", "none")
|
||||
w.Header().Set("Referrer-Policy", "no-referrer")
|
||||
w.Header().Set("Clear-Site-Data", "cache,cookies,storage")
|
||||
w.Header().Set("Cross-Origin-Embedder-Policy", "require-corp")
|
||||
w.Header().Set("Cross-Origin-Opener-Policy", "same-origin")
|
||||
w.Header().Set("Cross-Origin-Resource-Policy", "same-origin")
|
||||
w.Header().Set("X-XSS-Protection", "0")
|
||||
w.Header().Set("X-Aggregate-Auth", "1")
|
||||
w.Header().Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
|
||||
}
|
||||
|
||||
func execCmd(cmdStrs []string) error {
|
||||
for _, cmdStr := range cmdStrs {
|
||||
cmd := exec.Command("sh", "-c", cmdStr)
|
||||
|
||||
@@ -13,7 +13,7 @@ func LinkHome(w http.ResponseWriter, r *http.Request) {
|
||||
// fmt.Println(r.RemoteAddr)
|
||||
// hu, _ := httputil.DumpRequest(r, true)
|
||||
// fmt.Println("DumpHome: ", string(hu))
|
||||
w.Header().Set("Server", "AnyLinkOpenSource")
|
||||
w.Header().Set("Content-Type", "text/html; charset=utf-8")
|
||||
connection := strings.ToLower(r.Header.Get("Connection"))
|
||||
userAgent := strings.ToLower(r.UserAgent())
|
||||
if connection == "close" && (strings.Contains(userAgent, "anyconnect") || strings.Contains(userAgent, "openconnect")) {
|
||||
|
||||
@@ -12,6 +12,7 @@ import (
|
||||
|
||||
"github.com/bjdgyc/anylink/base"
|
||||
"github.com/bjdgyc/anylink/dbdata"
|
||||
"github.com/bjdgyc/anylink/pkg/utils"
|
||||
"github.com/gorilla/mux"
|
||||
"github.com/pires/go-proxyproto"
|
||||
)
|
||||
@@ -86,6 +87,14 @@ func startTls() {
|
||||
|
||||
func initRoute() http.Handler {
|
||||
r := mux.NewRouter()
|
||||
// 所有路由添加安全头
|
||||
r.Use(func(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
|
||||
utils.SetSecureHeader(w)
|
||||
next.ServeHTTP(w, req)
|
||||
})
|
||||
})
|
||||
|
||||
r.HandleFunc("/", LinkHome).Methods(http.MethodGet)
|
||||
r.HandleFunc("/", LinkAuth).Methods(http.MethodPost)
|
||||
r.HandleFunc("/CSCOSSLC/tunnel", LinkTunnel).Methods(http.MethodConnect)
|
||||
|
||||
Reference in New Issue
Block a user