geforkt von mirrored/vaultwarden
Added security headers to web-vault (fixes #44)
Dieser Commit ist enthalten in:
Ursprung
1c45c2ec3a
Commit
7c316fc19a
1 geänderte Dateien mit 21 neuen und 14 gelöschten Zeilen
|
@ -1,8 +1,9 @@
|
||||||
use std::io;
|
use std::io;
|
||||||
use std::path::{Path, PathBuf};
|
use std::path::{Path, PathBuf};
|
||||||
|
|
||||||
|
use rocket::request::Request;
|
||||||
|
use rocket::response::{self, NamedFile, Responder};
|
||||||
use rocket::Route;
|
use rocket::Route;
|
||||||
use rocket::response::NamedFile;
|
|
||||||
use rocket_contrib::Json;
|
use rocket_contrib::Json;
|
||||||
|
|
||||||
use CONFIG;
|
use CONFIG;
|
||||||
|
@ -17,27 +18,33 @@ pub fn routes() -> Vec<Route> {
|
||||||
|
|
||||||
// TODO: Might want to use in memory cache: https://github.com/hgzimmerman/rocket-file-cache
|
// TODO: Might want to use in memory cache: https://github.com/hgzimmerman/rocket-file-cache
|
||||||
#[get("/")]
|
#[get("/")]
|
||||||
fn web_index() -> io::Result<NamedFile> {
|
fn web_index() -> WebHeaders<io::Result<NamedFile>> {
|
||||||
NamedFile::open(
|
web_files("index.html".into())
|
||||||
Path::new(&CONFIG.web_vault_folder)
|
|
||||||
.join("index.html"))
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#[get("/<p..>", rank = 1)] // Only match this if the other routes don't match
|
#[get("/<p..>", rank = 1)] // Only match this if the other routes don't match
|
||||||
fn web_files(p: PathBuf) -> io::Result<NamedFile> {
|
fn web_files(p: PathBuf) -> WebHeaders<io::Result<NamedFile>> {
|
||||||
NamedFile::open(
|
WebHeaders(NamedFile::open(Path::new(&CONFIG.web_vault_folder).join(p)))
|
||||||
Path::new(&CONFIG.web_vault_folder)
|
|
||||||
.join(p))
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
struct WebHeaders<R>(R);
|
||||||
|
|
||||||
|
impl<'r, R: Responder<'r>> Responder<'r> for WebHeaders<R> {
|
||||||
|
fn respond_to(self, req: &Request) -> response::Result<'r> {
|
||||||
|
let mut res = self.0.respond_to(req)?;
|
||||||
|
|
||||||
|
res.set_raw_header("Referrer-Policy", "same-origin");
|
||||||
|
res.set_raw_header("X-Frame-Options", "SAMEORIGIN");
|
||||||
|
res.set_raw_header("X-Content-Type-Options", "nosniff");
|
||||||
|
res.set_raw_header("X-XSS-Protection", "1; mode=block");
|
||||||
|
|
||||||
|
Ok(res)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
#[get("/attachments/<uuid>/<file..>")]
|
#[get("/attachments/<uuid>/<file..>")]
|
||||||
fn attachments(uuid: String, file: PathBuf) -> io::Result<NamedFile> {
|
fn attachments(uuid: String, file: PathBuf) -> io::Result<NamedFile> {
|
||||||
NamedFile::open(
|
NamedFile::open(Path::new(&CONFIG.attachments_folder).join(uuid).join(file))
|
||||||
Path::new(&CONFIG.attachments_folder)
|
|
||||||
.join(uuid)
|
|
||||||
.join(file)
|
|
||||||
)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
Laden …
In neuem Issue referenzieren