Docker/portainer
Docker/portainer
1
0
Fork 0
mirror of https://github.com/portainer/portainer.git synced 2025-07-26 00:39:41 +02:00
Code Issues Releases Activity

fix(performance): optimize performance for edge EE-3311 (#8040)

Browse source
This commit is contained in:
andres-portainer 2023-01-06 16:25:41 -03:00 committed by GitHub
parent 3d28a6f877
commit dd0d1737b0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
23 changed files with 577 additions and 164 deletions
Download patch file Download diff file Expand all files Collapse all files

7
api/http/security/bouncer.go
View file

@ -49,8 +49,7 @@ func NewRequestBouncer(dataStore dataservices.DataStore, jwtService dataservices
// PublicAccess defines a security check for public API environments(endpoints).
// No authentication is required to access these environments(endpoints).
func (bouncer *RequestBouncer) PublicAccess(h http.Handler) http.Handler {
h = mwSecureHeaders(h)
return h
return mwSecureHeaders(h)
}
// AdminAccess defines a security check for API environments(endpoints) that require an authorization check.
@ -375,8 +374,8 @@ func extractAPIKey(r *http.Request) (apikey string, ok bool) {
// mwSecureHeaders provides secure headers middleware for handlers.
func mwSecureHeaders(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Header().Add("X-XSS-Protection", "1; mode=block")
w.Header().Add("X-Content-Type-Options", "nosniff")
w.Header().Set("X-XSS-Protection", "1; mode=block")
w.Header().Set("X-Content-Type-Options", "nosniff")
next.ServeHTTP(w, r)
})
}