New option in secure middleware

2018-03-02 14:24:03 +01:00 · 2018-03-02 14:24:03 +01:00 · 1f6f8d5e0f
commit 1f6f8d5e0f
parent c77fe6b434
40 changed files with 91 additions and 0 deletions
--- a/provider/kv/keynames.go
+++ b/provider/kv/keynames.go
@ -61,6 +61,7 @@ const (
 	pathFrontendCustomFrameOptionsValue = "/headers/customframeoptionsvalue"
 	pathFrontendContentTypeNosniff      = "/headers/contenttypenosniff"
 	pathFrontendBrowserXSSFilter        = "/headers/browserxssfilter"
+	pathFrontendCustomBrowserXSSValue   = "/headers/custombrowserxssvalue"
 	pathFrontendContentSecurityPolicy   = "/headers/contentsecuritypolicy"
 	pathFrontendPublicKey               = "/headers/publickey"
 	pathFrontendReferrerPolicy          = "/headers/referrerpolicy"
--- a/provider/kv/kv_config.go
+++ b/provider/kv/kv_config.go
@ -206,6 +206,7 @@ func (p *Provider) getHeaders(rootPath string) *types.Headers {
 		CustomFrameOptionsValue: p.get("", rootPath, pathFrontendCustomFrameOptionsValue),
 		ContentTypeNosniff:      p.getBool(false, rootPath, pathFrontendContentTypeNosniff),
 		BrowserXSSFilter:        p.getBool(false, rootPath, pathFrontendBrowserXSSFilter),
+		CustomBrowserXSSValue:   p.get("", rootPath, pathFrontendCustomBrowserXSSValue),
 		ContentSecurityPolicy:   p.get("", rootPath, pathFrontendContentSecurityPolicy),
 		PublicKey:               p.get("", rootPath, pathFrontendPublicKey),
 		ReferrerPolicy:          p.get("", rootPath, pathFrontendReferrerPolicy),
--- a/provider/kv/kv_config_test.go
+++ b/provider/kv/kv_config_test.go
@ -119,6 +119,7 @@ func TestProviderBuildConfiguration(t *testing.T) {
 					withPair(pathFrontendContentSecurityPolicy, "foo"),
 					withPair(pathFrontendPublicKey, "foo"),
 					withPair(pathFrontendReferrerPolicy, "foo"),
+					withPair(pathFrontendCustomBrowserXSSValue, "foo"),
 					withPair(pathFrontendSSLRedirect, "true"),
 					withPair(pathFrontendSSLTemporaryRedirect, "true"),
 					withPair(pathFrontendSTSIncludeSubdomains, "true"),
@ -248,6 +249,7 @@ func TestProviderBuildConfiguration(t *testing.T) {
 							ContentSecurityPolicy:   "foo",
 							PublicKey:               "foo",
 							ReferrerPolicy:          "foo",
+							CustomBrowserXSSValue:   "foo",
 							SSLRedirect:             true,
 							SSLTemporaryRedirect:    true,
 							STSIncludeSubdomains:    true,
@ -1415,6 +1417,16 @@ func TestProviderGetHeaders(t *testing.T) {
 				BrowserXSSFilter: true,
 			},
 		},
+		{
+			desc:     "Custom Browser XSS Value",
+			rootPath: "traefik/frontends/foo",
+			kvPairs: filler("traefik",
+				frontend("foo",
+					withPair(pathFrontendCustomBrowserXSSValue, "foo"))),
+			expected: &types.Headers{
+				CustomBrowserXSSValue: "foo",
+			},
+		},
 		{
 			desc:     "Content Security Policy",
 			rootPath: "traefik/frontends/foo",