47 lines
1.1 KiB
Perl
47 lines
1.1 KiB
Perl
#!/usr/bin/perl
|
|
#
|
|
# Plack::Middleware::DW::SecurityHeaders
|
|
#
|
|
# Adds security headers to all responses (matches Apache::LiveJournal::trans).
|
|
#
|
|
# Authors:
|
|
# Mark Smith <mark@dreamwidth.org>
|
|
#
|
|
# Copyright (c) 2026 by Dreamwidth Studios, LLC.
|
|
#
|
|
# This program is free software; you may redistribute it and/or modify it under
|
|
# the same terms as Perl itself. For a copy of the license, please reference
|
|
# 'perldoc perlartistic' or 'perldoc perlgpl'.
|
|
#
|
|
|
|
package Plack::Middleware::DW::SecurityHeaders;
|
|
|
|
use strict;
|
|
use v5.10;
|
|
|
|
use parent qw/ Plack::Middleware /;
|
|
|
|
use Plack::Util;
|
|
|
|
sub call {
|
|
my ( $self, $env ) = @_;
|
|
|
|
my $res = $self->app->($env);
|
|
|
|
return Plack::Util::response_cb(
|
|
$res,
|
|
sub {
|
|
my $res = shift;
|
|
|
|
push @{ $res->[1] }, 'X-Content-Type-Options' => 'nosniff';
|
|
push @{ $res->[1] }, 'Referrer-Policy' => 'same-origin';
|
|
|
|
if ( $LJ::PROTOCOL eq 'https' ) {
|
|
push @{ $res->[1] },
|
|
'Strict-Transport-Security' => 'max-age=300; includeSubDomains';
|
|
}
|
|
}
|
|
);
|
|
}
|
|
|
|
1;
|