New option in secure middleware
This commit is contained in:
Michael
Traefiker Bot
parent
c77fe6b434
commit
1f6f8d5e0f
40 changed files with 91 additions and 0 deletions
|
|
@ -368,6 +368,7 @@ func (p *Provider) getHeaders(tags []string) *types.Headers {
|
|||
ContentSecurityPolicy: p.getAttribute(label.SuffixFrontendHeadersContentSecurityPolicy, tags, ""),
|
||||
PublicKey: p.getAttribute(label.SuffixFrontendHeadersPublicKey, tags, ""),
|
||||
ReferrerPolicy: p.getAttribute(label.SuffixFrontendHeadersReferrerPolicy, tags, ""),
|
||||
CustomBrowserXSSValue: p.getAttribute(label.SuffixFrontendHeadersCustomBrowserXSSValue, tags, ""),
|
||||
STSSeconds: p.getInt64Attribute(label.SuffixFrontendHeadersSTSSeconds, tags, 0),
|
||||
SSLRedirect: p.getBoolAttribute(label.SuffixFrontendHeadersSSLRedirect, tags, false),
|
||||
SSLTemporaryRedirect: p.getBoolAttribute(label.SuffixFrontendHeadersSSLTemporaryRedirect, tags, false),
|
||||
|
|
|
|||
|
|
@ -1268,6 +1268,7 @@ func TestProviderGetHeaders(t *testing.T) {
|
|||
label.TraefikFrontendContentSecurityPolicy + "=foo",
|
||||
label.TraefikFrontendPublicKey + "=foo",
|
||||
label.TraefikFrontendReferrerPolicy + "=foo",
|
||||
label.TraefikFrontendCustomBrowserXSSValue + "=foo",
|
||||
label.TraefikFrontendSTSSeconds + "=666",
|
||||
label.TraefikFrontendSSLRedirect + "=true",
|
||||
label.TraefikFrontendSSLTemporaryRedirect + "=true",
|
||||
|
|
@ -1299,6 +1300,7 @@ func TestProviderGetHeaders(t *testing.T) {
|
|||
ContentSecurityPolicy: "foo",
|
||||
PublicKey: "foo",
|
||||
ReferrerPolicy: "foo",
|
||||
CustomBrowserXSSValue: "foo",
|
||||
STSSeconds: 666,
|
||||
SSLRedirect: true,
|
||||
SSLTemporaryRedirect: true,
|
||||
|
|
|
|||
|
|
@ -292,6 +292,7 @@ func getHeaders(container dockerData) *types.Headers {
|
|||
ContentSecurityPolicy: label.GetStringValue(container.Labels, label.TraefikFrontendContentSecurityPolicy, ""),
|
||||
PublicKey: label.GetStringValue(container.Labels, label.TraefikFrontendPublicKey, ""),
|
||||
ReferrerPolicy: label.GetStringValue(container.Labels, label.TraefikFrontendReferrerPolicy, ""),
|
||||
CustomBrowserXSSValue: label.GetStringValue(container.Labels, label.TraefikFrontendCustomBrowserXSSValue, ""),
|
||||
}
|
||||
|
||||
if !headers.HasSecureHeadersDefined() && !headers.HasCustomHeadersDefined() {
|
||||
|
|
|
|||
|
|
@ -136,6 +136,7 @@ func TestDockerBuildConfiguration(t *testing.T) {
|
|||
label.TraefikFrontendContentSecurityPolicy: "foo",
|
||||
label.TraefikFrontendPublicKey: "foo",
|
||||
label.TraefikFrontendReferrerPolicy: "foo",
|
||||
label.TraefikFrontendCustomBrowserXSSValue: "foo",
|
||||
label.TraefikFrontendSTSSeconds: "666",
|
||||
label.TraefikFrontendSSLRedirect: "true",
|
||||
label.TraefikFrontendSSLTemporaryRedirect: "true",
|
||||
|
|
@ -224,6 +225,7 @@ func TestDockerBuildConfiguration(t *testing.T) {
|
|||
CustomFrameOptionsValue: "foo",
|
||||
ContentTypeNosniff: true,
|
||||
BrowserXSSFilter: true,
|
||||
CustomBrowserXSSValue: "foo",
|
||||
ContentSecurityPolicy: "foo",
|
||||
PublicKey: "foo",
|
||||
ReferrerPolicy: "foo",
|
||||
|
|
@ -1541,6 +1543,7 @@ func TestDockerGetHeaders(t *testing.T) {
|
|||
label.TraefikFrontendContentSecurityPolicy: "foo",
|
||||
label.TraefikFrontendPublicKey: "foo",
|
||||
label.TraefikFrontendReferrerPolicy: "foo",
|
||||
label.TraefikFrontendCustomBrowserXSSValue: "foo",
|
||||
label.TraefikFrontendSTSSeconds: "666",
|
||||
label.TraefikFrontendSSLRedirect: "true",
|
||||
label.TraefikFrontendSSLTemporaryRedirect: "true",
|
||||
|
|
@ -1573,6 +1576,7 @@ func TestDockerGetHeaders(t *testing.T) {
|
|||
ContentSecurityPolicy: "foo",
|
||||
PublicKey: "foo",
|
||||
ReferrerPolicy: "foo",
|
||||
CustomBrowserXSSValue: "foo",
|
||||
STSSeconds: 666,
|
||||
SSLRedirect: true,
|
||||
SSLTemporaryRedirect: true,
|
||||
|
|
|
|||
|
|
@ -143,6 +143,7 @@ func TestSwarmBuildConfiguration(t *testing.T) {
|
|||
label.TraefikFrontendContentSecurityPolicy: "foo",
|
||||
label.TraefikFrontendPublicKey: "foo",
|
||||
label.TraefikFrontendReferrerPolicy: "foo",
|
||||
label.TraefikFrontendCustomBrowserXSSValue: "foo",
|
||||
label.TraefikFrontendSTSSeconds: "666",
|
||||
label.TraefikFrontendSSLRedirect: "true",
|
||||
label.TraefikFrontendSSLTemporaryRedirect: "true",
|
||||
|
|
@ -229,6 +230,7 @@ func TestSwarmBuildConfiguration(t *testing.T) {
|
|||
CustomFrameOptionsValue: "foo",
|
||||
ContentTypeNosniff: true,
|
||||
BrowserXSSFilter: true,
|
||||
CustomBrowserXSSValue: "foo",
|
||||
ContentSecurityPolicy: "foo",
|
||||
PublicKey: "foo",
|
||||
ReferrerPolicy: "foo",
|
||||
|
|
|
|||
|
|
@ -169,6 +169,7 @@ func getServiceHeaders(container dockerData, serviceName string) *types.Headers
|
|||
ContentSecurityPolicy: getServiceStringValue(container, serviceLabels, label.SuffixFrontendHeadersContentSecurityPolicy, ""),
|
||||
PublicKey: getServiceStringValue(container, serviceLabels, label.SuffixFrontendHeadersPublicKey, ""),
|
||||
ReferrerPolicy: getServiceStringValue(container, serviceLabels, label.SuffixFrontendHeadersReferrerPolicy, ""),
|
||||
CustomBrowserXSSValue: getServiceStringValue(container, serviceLabels, label.SuffixFrontendHeadersCustomBrowserXSSValue, ""),
|
||||
}
|
||||
|
||||
if !headers.HasSecureHeadersDefined() && !headers.HasCustomHeadersDefined() {
|
||||
|
|
|
|||
|
|
@ -99,6 +99,7 @@ func TestDockerServiceBuildConfiguration(t *testing.T) {
|
|||
label.Prefix + "service." + label.SuffixFrontendHeadersContentSecurityPolicy: "foo",
|
||||
label.Prefix + "service." + label.SuffixFrontendHeadersPublicKey: "foo",
|
||||
label.Prefix + "service." + label.SuffixFrontendHeadersReferrerPolicy: "foo",
|
||||
label.Prefix + "service." + label.SuffixFrontendHeadersCustomBrowserXSSValue: "foo",
|
||||
label.Prefix + "service." + label.SuffixFrontendHeadersSTSSeconds: "666",
|
||||
label.Prefix + "service." + label.SuffixFrontendHeadersSSLRedirect: "true",
|
||||
label.Prefix + "service." + label.SuffixFrontendHeadersSSLTemporaryRedirect: "true",
|
||||
|
|
@ -182,6 +183,7 @@ func TestDockerServiceBuildConfiguration(t *testing.T) {
|
|||
CustomFrameOptionsValue: "foo",
|
||||
ContentTypeNosniff: true,
|
||||
BrowserXSSFilter: true,
|
||||
CustomBrowserXSSValue: "foo",
|
||||
ContentSecurityPolicy: "foo",
|
||||
PublicKey: "foo",
|
||||
ReferrerPolicy: "foo",
|
||||
|
|
@ -1118,6 +1120,7 @@ func TestDockerGetServiceHeaders(t *testing.T) {
|
|||
label.Prefix + service + "." + label.SuffixFrontendHeadersContentSecurityPolicy: "foo",
|
||||
label.Prefix + service + "." + label.SuffixFrontendHeadersPublicKey: "foo",
|
||||
label.Prefix + service + "." + label.SuffixFrontendHeadersReferrerPolicy: "foo",
|
||||
label.Prefix + service + "." + label.SuffixFrontendHeadersCustomBrowserXSSValue: "foo",
|
||||
label.Prefix + service + "." + label.SuffixFrontendHeadersSTSSeconds: "666",
|
||||
label.Prefix + service + "." + label.SuffixFrontendHeadersSSLRedirect: "true",
|
||||
label.Prefix + service + "." + label.SuffixFrontendHeadersSSLTemporaryRedirect: "true",
|
||||
|
|
@ -1150,6 +1153,7 @@ func TestDockerGetServiceHeaders(t *testing.T) {
|
|||
ContentSecurityPolicy: "foo",
|
||||
PublicKey: "foo",
|
||||
ReferrerPolicy: "foo",
|
||||
CustomBrowserXSSValue: "foo",
|
||||
STSSeconds: 666,
|
||||
SSLRedirect: true,
|
||||
SSLTemporaryRedirect: true,
|
||||
|
|
@ -1177,6 +1181,7 @@ func TestDockerGetServiceHeaders(t *testing.T) {
|
|||
label.TraefikFrontendContentSecurityPolicy: "foo",
|
||||
label.TraefikFrontendPublicKey: "foo",
|
||||
label.TraefikFrontendReferrerPolicy: "foo",
|
||||
label.TraefikFrontendCustomBrowserXSSValue: "foo",
|
||||
label.TraefikFrontendSTSSeconds: "666",
|
||||
label.TraefikFrontendSSLRedirect: "true",
|
||||
label.TraefikFrontendSSLTemporaryRedirect: "true",
|
||||
|
|
@ -1209,6 +1214,7 @@ func TestDockerGetServiceHeaders(t *testing.T) {
|
|||
ContentSecurityPolicy: "foo",
|
||||
PublicKey: "foo",
|
||||
ReferrerPolicy: "foo",
|
||||
CustomBrowserXSSValue: "foo",
|
||||
STSSeconds: 666,
|
||||
SSLRedirect: true,
|
||||
SSLTemporaryRedirect: true,
|
||||
|
|
|
|||
|
|
@ -281,6 +281,7 @@ func getHeaders(instance ecsInstance) *types.Headers {
|
|||
ContentSecurityPolicy: getStringValue(instance, label.TraefikFrontendContentSecurityPolicy, ""),
|
||||
PublicKey: getStringValue(instance, label.TraefikFrontendPublicKey, ""),
|
||||
ReferrerPolicy: getStringValue(instance, label.TraefikFrontendReferrerPolicy, ""),
|
||||
CustomBrowserXSSValue: getStringValue(instance, label.TraefikFrontendCustomBrowserXSSValue, ""),
|
||||
}
|
||||
|
||||
if !headers.HasSecureHeadersDefined() && !headers.HasCustomHeadersDefined() {
|
||||
|
|
|
|||
|
|
@ -164,6 +164,7 @@ func TestBuildConfiguration(t *testing.T) {
|
|||
label.TraefikFrontendContentSecurityPolicy: aws.String("foo"),
|
||||
label.TraefikFrontendPublicKey: aws.String("foo"),
|
||||
label.TraefikFrontendReferrerPolicy: aws.String("foo"),
|
||||
label.TraefikFrontendCustomBrowserXSSValue: aws.String("foo"),
|
||||
label.TraefikFrontendSTSSeconds: aws.String("666"),
|
||||
label.TraefikFrontendSSLRedirect: aws.String("true"),
|
||||
label.TraefikFrontendSSLTemporaryRedirect: aws.String("true"),
|
||||
|
|
@ -293,6 +294,7 @@ func TestBuildConfiguration(t *testing.T) {
|
|||
CustomFrameOptionsValue: "foo",
|
||||
ContentTypeNosniff: true,
|
||||
BrowserXSSFilter: true,
|
||||
CustomBrowserXSSValue: "foo",
|
||||
ContentSecurityPolicy: "foo",
|
||||
PublicKey: "foo",
|
||||
ReferrerPolicy: "foo",
|
||||
|
|
@ -1394,6 +1396,7 @@ func TestGetHeaders(t *testing.T) {
|
|||
label.TraefikFrontendContentSecurityPolicy: aws.String("foo"),
|
||||
label.TraefikFrontendPublicKey: aws.String("foo"),
|
||||
label.TraefikFrontendReferrerPolicy: aws.String("foo"),
|
||||
label.TraefikFrontendCustomBrowserXSSValue: aws.String("foo"),
|
||||
label.TraefikFrontendSTSSeconds: aws.String("666"),
|
||||
label.TraefikFrontendSSLRedirect: aws.String("true"),
|
||||
label.TraefikFrontendSSLTemporaryRedirect: aws.String("true"),
|
||||
|
|
@ -1427,6 +1430,7 @@ func TestGetHeaders(t *testing.T) {
|
|||
ContentSecurityPolicy: "foo",
|
||||
PublicKey: "foo",
|
||||
ReferrerPolicy: "foo",
|
||||
CustomBrowserXSSValue: "foo",
|
||||
STSSeconds: 666,
|
||||
SSLRedirect: true,
|
||||
SSLTemporaryRedirect: true,
|
||||
|
|
|
|||
|
|
@ -47,6 +47,7 @@ const (
|
|||
annotationKubernetesCustomFrameOptionsValue = "ingress.kubernetes.io/custom-frame-options-value"
|
||||
annotationKubernetesContentTypeNosniff = "ingress.kubernetes.io/content-type-nosniff"
|
||||
annotationKubernetesBrowserXSSFilter = "ingress.kubernetes.io/browser-xss-filter"
|
||||
annotationKubernetesCustomBrowserXSSValue = "ingress.kubernetes.io/custom-browser-xss-value"
|
||||
annotationKubernetesContentSecurityPolicy = "ingress.kubernetes.io/content-security-policy"
|
||||
annotationKubernetesPublicKey = "ingress.kubernetes.io/public-key"
|
||||
annotationKubernetesReferrerPolicy = "ingress.kubernetes.io/referrer-policy"
|
||||
|
|
|
|||
|
|
@ -577,6 +577,7 @@ func getHeader(i *extensionsv1beta1.Ingress) *types.Headers {
|
|||
CustomFrameOptionsValue: getStringValue(i.Annotations, annotationKubernetesCustomFrameOptionsValue, ""),
|
||||
ContentTypeNosniff: getBoolValue(i.Annotations, annotationKubernetesContentTypeNosniff, false),
|
||||
BrowserXSSFilter: getBoolValue(i.Annotations, annotationKubernetesBrowserXSSFilter, false),
|
||||
CustomBrowserXSSValue: getStringValue(i.Annotations, annotationKubernetesCustomBrowserXSSValue, ""),
|
||||
ContentSecurityPolicy: getStringValue(i.Annotations, annotationKubernetesContentSecurityPolicy, ""),
|
||||
PublicKey: getStringValue(i.Annotations, annotationKubernetesPublicKey, ""),
|
||||
ReferrerPolicy: getStringValue(i.Annotations, annotationKubernetesReferrerPolicy, ""),
|
||||
|
|
|
|||
|
|
@ -793,6 +793,7 @@ rateset:
|
|||
iAnnotation(annotationKubernetesFrameDeny, "true"),
|
||||
iAnnotation(annotationKubernetesContentTypeNosniff, "true"),
|
||||
iAnnotation(annotationKubernetesBrowserXSSFilter, "true"),
|
||||
iAnnotation(annotationKubernetesCustomBrowserXSSValue, "foo"),
|
||||
iAnnotation(annotationKubernetesIsDevelopment, "true"),
|
||||
iAnnotation(annotationKubernetesSSLHost, "foo"),
|
||||
iAnnotation(annotationKubernetesCustomFrameOptionsValue, "foo"),
|
||||
|
|
@ -1042,6 +1043,7 @@ rateset:
|
|||
ContentSecurityPolicy: "foo",
|
||||
PublicKey: "foo",
|
||||
ReferrerPolicy: "foo",
|
||||
CustomBrowserXSSValue: "foo",
|
||||
}),
|
||||
routes(
|
||||
route("/customheaders", "PathPrefix:/customheaders"),
|
||||
|
|
|
|||
|
|
@ -61,6 +61,7 @@ const (
|
|||
pathFrontendCustomFrameOptionsValue = "/headers/customframeoptionsvalue"
|
||||
pathFrontendContentTypeNosniff = "/headers/contenttypenosniff"
|
||||
pathFrontendBrowserXSSFilter = "/headers/browserxssfilter"
|
||||
pathFrontendCustomBrowserXSSValue = "/headers/custombrowserxssvalue"
|
||||
pathFrontendContentSecurityPolicy = "/headers/contentsecuritypolicy"
|
||||
pathFrontendPublicKey = "/headers/publickey"
|
||||
pathFrontendReferrerPolicy = "/headers/referrerpolicy"
|
||||
|
|
|
|||
|
|
@ -206,6 +206,7 @@ func (p *Provider) getHeaders(rootPath string) *types.Headers {
|
|||
CustomFrameOptionsValue: p.get("", rootPath, pathFrontendCustomFrameOptionsValue),
|
||||
ContentTypeNosniff: p.getBool(false, rootPath, pathFrontendContentTypeNosniff),
|
||||
BrowserXSSFilter: p.getBool(false, rootPath, pathFrontendBrowserXSSFilter),
|
||||
CustomBrowserXSSValue: p.get("", rootPath, pathFrontendCustomBrowserXSSValue),
|
||||
ContentSecurityPolicy: p.get("", rootPath, pathFrontendContentSecurityPolicy),
|
||||
PublicKey: p.get("", rootPath, pathFrontendPublicKey),
|
||||
ReferrerPolicy: p.get("", rootPath, pathFrontendReferrerPolicy),
|
||||
|
|
|
|||
|
|
@ -119,6 +119,7 @@ func TestProviderBuildConfiguration(t *testing.T) {
|
|||
withPair(pathFrontendContentSecurityPolicy, "foo"),
|
||||
withPair(pathFrontendPublicKey, "foo"),
|
||||
withPair(pathFrontendReferrerPolicy, "foo"),
|
||||
withPair(pathFrontendCustomBrowserXSSValue, "foo"),
|
||||
withPair(pathFrontendSSLRedirect, "true"),
|
||||
withPair(pathFrontendSSLTemporaryRedirect, "true"),
|
||||
withPair(pathFrontendSTSIncludeSubdomains, "true"),
|
||||
|
|
@ -248,6 +249,7 @@ func TestProviderBuildConfiguration(t *testing.T) {
|
|||
ContentSecurityPolicy: "foo",
|
||||
PublicKey: "foo",
|
||||
ReferrerPolicy: "foo",
|
||||
CustomBrowserXSSValue: "foo",
|
||||
SSLRedirect: true,
|
||||
SSLTemporaryRedirect: true,
|
||||
STSIncludeSubdomains: true,
|
||||
|
|
@ -1415,6 +1417,16 @@ func TestProviderGetHeaders(t *testing.T) {
|
|||
BrowserXSSFilter: true,
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "Custom Browser XSS Value",
|
||||
rootPath: "traefik/frontends/foo",
|
||||
kvPairs: filler("traefik",
|
||||
frontend("foo",
|
||||
withPair(pathFrontendCustomBrowserXSSValue, "foo"))),
|
||||
expected: &types.Headers{
|
||||
CustomBrowserXSSValue: "foo",
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "Content Security Policy",
|
||||
rootPath: "traefik/frontends/foo",
|
||||
|
|
|
|||
|
|
@ -51,6 +51,7 @@ const (
|
|||
SuffixFrontendHeadersCustomFrameOptionsValue = SuffixFrontendHeaders + "customFrameOptionsValue"
|
||||
SuffixFrontendHeadersContentTypeNosniff = SuffixFrontendHeaders + "contentTypeNosniff"
|
||||
SuffixFrontendHeadersBrowserXSSFilter = SuffixFrontendHeaders + "browserXSSFilter"
|
||||
SuffixFrontendHeadersCustomBrowserXSSValue = SuffixFrontendHeaders + "customBrowserXSSValue"
|
||||
SuffixFrontendHeadersContentSecurityPolicy = SuffixFrontendHeaders + "contentSecurityPolicy"
|
||||
SuffixFrontendHeadersPublicKey = SuffixFrontendHeaders + "publicKey"
|
||||
SuffixFrontendHeadersReferrerPolicy = SuffixFrontendHeaders + "referrerPolicy"
|
||||
|
|
@ -124,6 +125,7 @@ const (
|
|||
TraefikFrontendCustomFrameOptionsValue = Prefix + SuffixFrontendHeadersCustomFrameOptionsValue
|
||||
TraefikFrontendContentTypeNosniff = Prefix + SuffixFrontendHeadersContentTypeNosniff
|
||||
TraefikFrontendBrowserXSSFilter = Prefix + SuffixFrontendHeadersBrowserXSSFilter
|
||||
TraefikFrontendCustomBrowserXSSValue = Prefix + SuffixFrontendHeadersCustomBrowserXSSValue
|
||||
TraefikFrontendContentSecurityPolicy = Prefix + SuffixFrontendHeadersContentSecurityPolicy
|
||||
TraefikFrontendPublicKey = Prefix + SuffixFrontendHeadersPublicKey
|
||||
TraefikFrontendReferrerPolicy = Prefix + SuffixFrontendHeadersReferrerPolicy
|
||||
|
|
|
|||
|
|
@ -572,6 +572,7 @@ func getHeaders(application marathon.Application, serviceName string) *types.Hea
|
|||
ContentSecurityPolicy: label.GetStringValue(labels, getLabelName(serviceName, label.SuffixFrontendHeadersContentSecurityPolicy), ""),
|
||||
PublicKey: label.GetStringValue(labels, getLabelName(serviceName, label.SuffixFrontendHeadersPublicKey), ""),
|
||||
ReferrerPolicy: label.GetStringValue(labels, getLabelName(serviceName, label.SuffixFrontendHeadersReferrerPolicy), ""),
|
||||
CustomBrowserXSSValue: label.GetStringValue(labels, getLabelName(serviceName, label.SuffixFrontendHeadersCustomBrowserXSSValue), ""),
|
||||
}
|
||||
|
||||
if !headers.HasSecureHeadersDefined() && !headers.HasCustomHeadersDefined() {
|
||||
|
|
|
|||
|
|
@ -218,6 +218,7 @@ func TestBuildConfigurationNonAPIErrors(t *testing.T) {
|
|||
withLabel(label.TraefikFrontendContentSecurityPolicy, "foo"),
|
||||
withLabel(label.TraefikFrontendPublicKey, "foo"),
|
||||
withLabel(label.TraefikFrontendReferrerPolicy, "foo"),
|
||||
withLabel(label.TraefikFrontendCustomBrowserXSSValue, "foo"),
|
||||
withLabel(label.TraefikFrontendSTSSeconds, "666"),
|
||||
withLabel(label.TraefikFrontendSSLRedirect, "true"),
|
||||
withLabel(label.TraefikFrontendSSLTemporaryRedirect, "true"),
|
||||
|
|
@ -304,6 +305,7 @@ func TestBuildConfigurationNonAPIErrors(t *testing.T) {
|
|||
CustomFrameOptionsValue: "foo",
|
||||
ContentTypeNosniff: true,
|
||||
BrowserXSSFilter: true,
|
||||
CustomBrowserXSSValue: "foo",
|
||||
ContentSecurityPolicy: "foo",
|
||||
PublicKey: "foo",
|
||||
ReferrerPolicy: "foo",
|
||||
|
|
@ -540,6 +542,7 @@ func TestBuildConfigurationServicesNonAPIErrors(t *testing.T) {
|
|||
withServiceLabel(label.TraefikFrontendContentSecurityPolicy, "foo", "containous"),
|
||||
withServiceLabel(label.TraefikFrontendPublicKey, "foo", "containous"),
|
||||
withServiceLabel(label.TraefikFrontendReferrerPolicy, "foo", "containous"),
|
||||
withServiceLabel(label.TraefikFrontendCustomBrowserXSSValue, "foo", "containous"),
|
||||
withServiceLabel(label.TraefikFrontendSTSSeconds, "666", "containous"),
|
||||
withServiceLabel(label.TraefikFrontendSSLRedirect, "true", "containous"),
|
||||
withServiceLabel(label.TraefikFrontendSSLTemporaryRedirect, "true", "containous"),
|
||||
|
|
@ -625,6 +628,7 @@ func TestBuildConfigurationServicesNonAPIErrors(t *testing.T) {
|
|||
CustomFrameOptionsValue: "foo",
|
||||
ContentTypeNosniff: true,
|
||||
BrowserXSSFilter: true,
|
||||
CustomBrowserXSSValue: "foo",
|
||||
ContentSecurityPolicy: "foo",
|
||||
PublicKey: "foo",
|
||||
ReferrerPolicy: "foo",
|
||||
|
|
@ -1963,6 +1967,7 @@ func TestGetHeaders(t *testing.T) {
|
|||
withLabel(label.TraefikFrontendContentSecurityPolicy, "foo"),
|
||||
withLabel(label.TraefikFrontendPublicKey, "foo"),
|
||||
withLabel(label.TraefikFrontendReferrerPolicy, "foo"),
|
||||
withLabel(label.TraefikFrontendCustomBrowserXSSValue, "foo"),
|
||||
withLabel(label.TraefikFrontendSTSSeconds, "666"),
|
||||
withLabel(label.TraefikFrontendSSLRedirect, "true"),
|
||||
withLabel(label.TraefikFrontendSSLTemporaryRedirect, "true"),
|
||||
|
|
@ -1994,6 +1999,7 @@ func TestGetHeaders(t *testing.T) {
|
|||
ContentSecurityPolicy: "foo",
|
||||
PublicKey: "foo",
|
||||
ReferrerPolicy: "foo",
|
||||
CustomBrowserXSSValue: "foo",
|
||||
STSSeconds: 666,
|
||||
SSLRedirect: true,
|
||||
SSLTemporaryRedirect: true,
|
||||
|
|
@ -2021,6 +2027,7 @@ func TestGetHeaders(t *testing.T) {
|
|||
withLabel(label.Prefix+"containous."+label.SuffixFrontendHeadersContentSecurityPolicy, "foo"),
|
||||
withLabel(label.Prefix+"containous."+label.SuffixFrontendHeadersPublicKey, "foo"),
|
||||
withLabel(label.Prefix+"containous."+label.SuffixFrontendHeadersReferrerPolicy, "foo"),
|
||||
withLabel(label.Prefix+"containous."+label.SuffixFrontendHeadersCustomBrowserXSSValue, "foo"),
|
||||
withLabel(label.Prefix+"containous."+label.SuffixFrontendHeadersSTSSeconds, "666"),
|
||||
withLabel(label.Prefix+"containous."+label.SuffixFrontendHeadersSSLRedirect, "true"),
|
||||
withLabel(label.Prefix+"containous."+label.SuffixFrontendHeadersSSLTemporaryRedirect, "true"),
|
||||
|
|
@ -2053,6 +2060,7 @@ func TestGetHeaders(t *testing.T) {
|
|||
ContentSecurityPolicy: "foo",
|
||||
PublicKey: "foo",
|
||||
ReferrerPolicy: "foo",
|
||||
CustomBrowserXSSValue: "foo",
|
||||
STSSeconds: 666,
|
||||
SSLRedirect: true,
|
||||
SSLTemporaryRedirect: true,
|
||||
|
|
|
|||
|
|
@ -405,6 +405,7 @@ func getHeaders(task state.Task) *types.Headers {
|
|||
ContentSecurityPolicy: label.GetStringValue(labels, label.TraefikFrontendContentSecurityPolicy, ""),
|
||||
PublicKey: label.GetStringValue(labels, label.TraefikFrontendPublicKey, ""),
|
||||
ReferrerPolicy: label.GetStringValue(labels, label.TraefikFrontendReferrerPolicy, ""),
|
||||
CustomBrowserXSSValue: label.GetStringValue(labels, label.TraefikFrontendCustomBrowserXSSValue, ""),
|
||||
}
|
||||
|
||||
if !headers.HasSecureHeadersDefined() && !headers.HasCustomHeadersDefined() {
|
||||
|
|
|
|||
|
|
@ -160,6 +160,7 @@ func TestBuildConfiguration(t *testing.T) {
|
|||
withLabel(label.TraefikFrontendContentSecurityPolicy, "foo"),
|
||||
withLabel(label.TraefikFrontendPublicKey, "foo"),
|
||||
withLabel(label.TraefikFrontendReferrerPolicy, "foo"),
|
||||
withLabel(label.TraefikFrontendCustomBrowserXSSValue, "foo"),
|
||||
withLabel(label.TraefikFrontendSTSSeconds, "666"),
|
||||
withLabel(label.TraefikFrontendSSLRedirect, "true"),
|
||||
withLabel(label.TraefikFrontendSSLTemporaryRedirect, "true"),
|
||||
|
|
@ -248,6 +249,7 @@ func TestBuildConfiguration(t *testing.T) {
|
|||
CustomFrameOptionsValue: "foo",
|
||||
ContentTypeNosniff: true,
|
||||
BrowserXSSFilter: true,
|
||||
CustomBrowserXSSValue: "foo",
|
||||
ContentSecurityPolicy: "foo",
|
||||
PublicKey: "foo",
|
||||
ReferrerPolicy: "foo",
|
||||
|
|
@ -1213,6 +1215,7 @@ func TestGetHeaders(t *testing.T) {
|
|||
withLabel(label.TraefikFrontendContentSecurityPolicy, "foo"),
|
||||
withLabel(label.TraefikFrontendPublicKey, "foo"),
|
||||
withLabel(label.TraefikFrontendReferrerPolicy, "foo"),
|
||||
withLabel(label.TraefikFrontendCustomBrowserXSSValue, "foo"),
|
||||
withLabel(label.TraefikFrontendSTSSeconds, "666"),
|
||||
withLabel(label.TraefikFrontendSSLRedirect, "true"),
|
||||
withLabel(label.TraefikFrontendSSLTemporaryRedirect, "true"),
|
||||
|
|
@ -1247,6 +1250,7 @@ func TestGetHeaders(t *testing.T) {
|
|||
ContentSecurityPolicy: "foo",
|
||||
PublicKey: "foo",
|
||||
ReferrerPolicy: "foo",
|
||||
CustomBrowserXSSValue: "foo",
|
||||
STSSeconds: 666,
|
||||
SSLRedirect: true,
|
||||
SSLTemporaryRedirect: true,
|
||||
|
|
|
|||
|
|
@ -336,6 +336,7 @@ func getHeaders(service rancherData) *types.Headers {
|
|||
ContentSecurityPolicy: label.GetStringValue(service.Labels, label.TraefikFrontendContentSecurityPolicy, ""),
|
||||
PublicKey: label.GetStringValue(service.Labels, label.TraefikFrontendPublicKey, ""),
|
||||
ReferrerPolicy: label.GetStringValue(service.Labels, label.TraefikFrontendReferrerPolicy, ""),
|
||||
CustomBrowserXSSValue: label.GetStringValue(service.Labels, label.TraefikFrontendCustomBrowserXSSValue, ""),
|
||||
}
|
||||
|
||||
if !headers.HasSecureHeadersDefined() && !headers.HasCustomHeadersDefined() {
|
||||
|
|
|
|||
|
|
@ -78,6 +78,7 @@ func TestProviderBuildConfiguration(t *testing.T) {
|
|||
label.TraefikFrontendContentSecurityPolicy: "foo",
|
||||
label.TraefikFrontendPublicKey: "foo",
|
||||
label.TraefikFrontendReferrerPolicy: "foo",
|
||||
label.TraefikFrontendCustomBrowserXSSValue: "foo",
|
||||
label.TraefikFrontendSTSSeconds: "666",
|
||||
label.TraefikFrontendSSLRedirect: "true",
|
||||
label.TraefikFrontendSSLTemporaryRedirect: "true",
|
||||
|
|
@ -164,6 +165,7 @@ func TestProviderBuildConfiguration(t *testing.T) {
|
|||
CustomFrameOptionsValue: "foo",
|
||||
ContentTypeNosniff: true,
|
||||
BrowserXSSFilter: true,
|
||||
CustomBrowserXSSValue: "foo",
|
||||
ContentSecurityPolicy: "foo",
|
||||
PublicKey: "foo",
|
||||
ReferrerPolicy: "foo",
|
||||
|
|
@ -1209,6 +1211,7 @@ func TestGetHeaders(t *testing.T) {
|
|||
label.TraefikFrontendContentSecurityPolicy: "foo",
|
||||
label.TraefikFrontendPublicKey: "foo",
|
||||
label.TraefikFrontendReferrerPolicy: "foo",
|
||||
label.TraefikFrontendCustomBrowserXSSValue: "foo",
|
||||
label.TraefikFrontendSTSSeconds: "666",
|
||||
label.TraefikFrontendSSLRedirect: "true",
|
||||
label.TraefikFrontendSSLTemporaryRedirect: "true",
|
||||
|
|
@ -1243,6 +1246,7 @@ func TestGetHeaders(t *testing.T) {
|
|||
ContentSecurityPolicy: "foo",
|
||||
PublicKey: "foo",
|
||||
ReferrerPolicy: "foo",
|
||||
CustomBrowserXSSValue: "foo",
|
||||
STSSeconds: 666,
|
||||
SSLRedirect: true,
|
||||
SSLTemporaryRedirect: true,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue