Headers middleware: support Content-Security-Policy-Report-Only

2024-06-07 10:24:04 +03:00 · 2024-06-07 10:24:04 +03:00 · b37aaea36d
commit b37aaea36d
parent 67f0700377
17 changed files with 116 additions and 66 deletions
--- a/pkg/middlewares/headers/secure.go
+++ b/pkg/middlewares/headers/secure.go
@ -17,24 +17,25 @@ type secureHeader struct {
 // newSecure constructs a new secure instance with supplied options.
 func newSecure(next http.Handler, cfg dynamic.Headers, contextKey string) *secureHeader {
 	opt := secure.Options{
-		BrowserXssFilter:        cfg.BrowserXSSFilter,
-		ContentTypeNosniff:      cfg.ContentTypeNosniff,
-		ForceSTSHeader:          cfg.ForceSTSHeader,
-		FrameDeny:               cfg.FrameDeny,
-		IsDevelopment:           cfg.IsDevelopment,
-		STSIncludeSubdomains:    cfg.STSIncludeSubdomains,
-		STSPreload:              cfg.STSPreload,
-		ContentSecurityPolicy:   cfg.ContentSecurityPolicy,
-		CustomBrowserXssValue:   cfg.CustomBrowserXSSValue,
-		CustomFrameOptionsValue: cfg.CustomFrameOptionsValue,
-		PublicKey:               cfg.PublicKey,
-		ReferrerPolicy:          cfg.ReferrerPolicy,
-		AllowedHosts:            cfg.AllowedHosts,
-		HostsProxyHeaders:       cfg.HostsProxyHeaders,
-		SSLProxyHeaders:         cfg.SSLProxyHeaders,
-		STSSeconds:              cfg.STSSeconds,
-		PermissionsPolicy:       cfg.PermissionsPolicy,
-		SecureContextKey:        contextKey,
+		BrowserXssFilter:                cfg.BrowserXSSFilter,
+		ContentTypeNosniff:              cfg.ContentTypeNosniff,
+		ForceSTSHeader:                  cfg.ForceSTSHeader,
+		FrameDeny:                       cfg.FrameDeny,
+		IsDevelopment:                   cfg.IsDevelopment,
+		STSIncludeSubdomains:            cfg.STSIncludeSubdomains,
+		STSPreload:                      cfg.STSPreload,
+		ContentSecurityPolicy:           cfg.ContentSecurityPolicy,
+		ContentSecurityPolicyReportOnly: cfg.ContentSecurityPolicyReportOnly,
+		CustomBrowserXssValue:           cfg.CustomBrowserXSSValue,
+		CustomFrameOptionsValue:         cfg.CustomFrameOptionsValue,
+		PublicKey:                       cfg.PublicKey,
+		ReferrerPolicy:                  cfg.ReferrerPolicy,
+		AllowedHosts:                    cfg.AllowedHosts,
+		HostsProxyHeaders:               cfg.HostsProxyHeaders,
+		SSLProxyHeaders:                 cfg.SSLProxyHeaders,
+		STSSeconds:                      cfg.STSSeconds,
+		PermissionsPolicy:               cfg.PermissionsPolicy,
+		SecureContextKey:                contextKey,
 	}

 	return &secureHeader{