New option in secure middleware

2018-03-02 14:24:03 +01:00 · 2018-03-02 14:24:03 +01:00 · 1f6f8d5e0f
commit 1f6f8d5e0f
parent c77fe6b434
40 changed files with 91 additions and 0 deletions
--- a/provider/docker/config_container.go
+++ b/provider/docker/config_container.go
@ -292,6 +292,7 @@ func getHeaders(container dockerData) *types.Headers {
 		ContentSecurityPolicy:   label.GetStringValue(container.Labels, label.TraefikFrontendContentSecurityPolicy, ""),
 		PublicKey:               label.GetStringValue(container.Labels, label.TraefikFrontendPublicKey, ""),
 		ReferrerPolicy:          label.GetStringValue(container.Labels, label.TraefikFrontendReferrerPolicy, ""),
+		CustomBrowserXSSValue:   label.GetStringValue(container.Labels, label.TraefikFrontendCustomBrowserXSSValue, ""),
 	}

 	if !headers.HasSecureHeadersDefined() && !headers.HasCustomHeadersDefined() {
--- a/provider/docker/config_container_docker_test.go
+++ b/provider/docker/config_container_docker_test.go
@ -136,6 +136,7 @@ func TestDockerBuildConfiguration(t *testing.T) {
 						label.TraefikFrontendContentSecurityPolicy:   "foo",
 						label.TraefikFrontendPublicKey:               "foo",
 						label.TraefikFrontendReferrerPolicy:          "foo",
+						label.TraefikFrontendCustomBrowserXSSValue:   "foo",
 						label.TraefikFrontendSTSSeconds:              "666",
 						label.TraefikFrontendSSLRedirect:             "true",
 						label.TraefikFrontendSSLTemporaryRedirect:    "true",
@ -224,6 +225,7 @@ func TestDockerBuildConfiguration(t *testing.T) {
 						CustomFrameOptionsValue: "foo",
 						ContentTypeNosniff:      true,
 						BrowserXSSFilter:        true,
+						CustomBrowserXSSValue:   "foo",
 						ContentSecurityPolicy:   "foo",
 						PublicKey:               "foo",
 						ReferrerPolicy:          "foo",
@ -1541,6 +1543,7 @@ func TestDockerGetHeaders(t *testing.T) {
 					label.TraefikFrontendContentSecurityPolicy:   "foo",
 					label.TraefikFrontendPublicKey:               "foo",
 					label.TraefikFrontendReferrerPolicy:          "foo",
+					label.TraefikFrontendCustomBrowserXSSValue:   "foo",
 					label.TraefikFrontendSTSSeconds:              "666",
 					label.TraefikFrontendSSLRedirect:             "true",
 					label.TraefikFrontendSSLTemporaryRedirect:    "true",
@ -1573,6 +1576,7 @@ func TestDockerGetHeaders(t *testing.T) {
 				ContentSecurityPolicy:   "foo",
 				PublicKey:               "foo",
 				ReferrerPolicy:          "foo",
+				CustomBrowserXSSValue:   "foo",
 				STSSeconds:              666,
 				SSLRedirect:             true,
 				SSLTemporaryRedirect:    true,
--- a/provider/docker/config_container_swarm_test.go
+++ b/provider/docker/config_container_swarm_test.go
@ -143,6 +143,7 @@ func TestSwarmBuildConfiguration(t *testing.T) {
 						label.TraefikFrontendContentSecurityPolicy:   "foo",
 						label.TraefikFrontendPublicKey:               "foo",
 						label.TraefikFrontendReferrerPolicy:          "foo",
+						label.TraefikFrontendCustomBrowserXSSValue:   "foo",
 						label.TraefikFrontendSTSSeconds:              "666",
 						label.TraefikFrontendSSLRedirect:             "true",
 						label.TraefikFrontendSSLTemporaryRedirect:    "true",
@ -229,6 +230,7 @@ func TestSwarmBuildConfiguration(t *testing.T) {
 						CustomFrameOptionsValue: "foo",
 						ContentTypeNosniff:      true,
 						BrowserXSSFilter:        true,
+						CustomBrowserXSSValue:   "foo",
 						ContentSecurityPolicy:   "foo",
 						PublicKey:               "foo",
 						ReferrerPolicy:          "foo",
--- a/provider/docker/config_service.go
+++ b/provider/docker/config_service.go
@ -169,6 +169,7 @@ func getServiceHeaders(container dockerData, serviceName string) *types.Headers
 		ContentSecurityPolicy:   getServiceStringValue(container, serviceLabels, label.SuffixFrontendHeadersContentSecurityPolicy, ""),
 		PublicKey:               getServiceStringValue(container, serviceLabels, label.SuffixFrontendHeadersPublicKey, ""),
 		ReferrerPolicy:          getServiceStringValue(container, serviceLabels, label.SuffixFrontendHeadersReferrerPolicy, ""),
+		CustomBrowserXSSValue:   getServiceStringValue(container, serviceLabels, label.SuffixFrontendHeadersCustomBrowserXSSValue, ""),
 	}

 	if !headers.HasSecureHeadersDefined() && !headers.HasCustomHeadersDefined() {
--- a/provider/docker/config_service_test.go
+++ b/provider/docker/config_service_test.go
@ -99,6 +99,7 @@ func TestDockerServiceBuildConfiguration(t *testing.T) {
 						label.Prefix + "service." + label.SuffixFrontendHeadersContentSecurityPolicy:   "foo",
 						label.Prefix + "service." + label.SuffixFrontendHeadersPublicKey:               "foo",
 						label.Prefix + "service." + label.SuffixFrontendHeadersReferrerPolicy:          "foo",
+						label.Prefix + "service." + label.SuffixFrontendHeadersCustomBrowserXSSValue:   "foo",
 						label.Prefix + "service." + label.SuffixFrontendHeadersSTSSeconds:              "666",
 						label.Prefix + "service." + label.SuffixFrontendHeadersSSLRedirect:             "true",
 						label.Prefix + "service." + label.SuffixFrontendHeadersSSLTemporaryRedirect:    "true",
@ -182,6 +183,7 @@ func TestDockerServiceBuildConfiguration(t *testing.T) {
 						CustomFrameOptionsValue: "foo",
 						ContentTypeNosniff:      true,
 						BrowserXSSFilter:        true,
+						CustomBrowserXSSValue:   "foo",
 						ContentSecurityPolicy:   "foo",
 						PublicKey:               "foo",
 						ReferrerPolicy:          "foo",
@ -1118,6 +1120,7 @@ func TestDockerGetServiceHeaders(t *testing.T) {
 					label.Prefix + service + "." + label.SuffixFrontendHeadersContentSecurityPolicy:   "foo",
 					label.Prefix + service + "." + label.SuffixFrontendHeadersPublicKey:               "foo",
 					label.Prefix + service + "." + label.SuffixFrontendHeadersReferrerPolicy:          "foo",
+					label.Prefix + service + "." + label.SuffixFrontendHeadersCustomBrowserXSSValue:   "foo",
 					label.Prefix + service + "." + label.SuffixFrontendHeadersSTSSeconds:              "666",
 					label.Prefix + service + "." + label.SuffixFrontendHeadersSSLRedirect:             "true",
 					label.Prefix + service + "." + label.SuffixFrontendHeadersSSLTemporaryRedirect:    "true",
@ -1150,6 +1153,7 @@ func TestDockerGetServiceHeaders(t *testing.T) {
 				ContentSecurityPolicy:   "foo",
 				PublicKey:               "foo",
 				ReferrerPolicy:          "foo",
+				CustomBrowserXSSValue:   "foo",
 				STSSeconds:              666,
 				SSLRedirect:             true,
 				SSLTemporaryRedirect:    true,
@ -1177,6 +1181,7 @@ func TestDockerGetServiceHeaders(t *testing.T) {
 					label.TraefikFrontendContentSecurityPolicy:   "foo",
 					label.TraefikFrontendPublicKey:               "foo",
 					label.TraefikFrontendReferrerPolicy:          "foo",
+					label.TraefikFrontendCustomBrowserXSSValue:   "foo",
 					label.TraefikFrontendSTSSeconds:              "666",
 					label.TraefikFrontendSSLRedirect:             "true",
 					label.TraefikFrontendSSLTemporaryRedirect:    "true",
@ -1209,6 +1214,7 @@ func TestDockerGetServiceHeaders(t *testing.T) {
 				ContentSecurityPolicy:   "foo",
 				PublicKey:               "foo",
 				ReferrerPolicy:          "foo",
+				CustomBrowserXSSValue:   "foo",
 				STSSeconds:              666,
 				SSLRedirect:             true,
 				SSLTemporaryRedirect:    true,