diff options
-rw-r--r-- | include/security_headers_middleware.hpp | 10 | ||||
-rw-r--r-- | include/ssl_key_handler.hpp | 3 | ||||
-rw-r--r-- | include/webassets.hpp | 2 |
3 files changed, 10 insertions, 5 deletions
diff --git a/include/security_headers_middleware.hpp b/include/security_headers_middleware.hpp index e12395a..19369f9 100644 --- a/include/security_headers_middleware.hpp +++ b/include/security_headers_middleware.hpp @@ -20,6 +20,12 @@ static const char* xss_value = "1; mode=block"; static const char* content_security_key = "X-Content-Security-Policy"; static const char* content_security_value = "default-src 'self'"; +static const char* pragma_key = "Pragma"; +static const char* pragma_value = "no-cache"; + +static const char* cache_control_key = "Cache-Control"; +static const char* cache_control_value = "no-Store,no-Cache"; + struct SecurityHeadersMiddleware { struct context {}; @@ -37,8 +43,8 @@ struct SecurityHeadersMiddleware { res.add_header(xframe_key, xframe_value); res.add_header(xss_key, xss_value); res.add_header(content_security_key, content_security_value); - res.add_header("Access-Control-Allow-Origin", "http://localhost:8085"); - res.add_header("Access-Control-Allow-Credentials", "true"); + res.add_header(pragma_key, pragma_value); + res.add_header(cache_control_key, cache_control_value); } }; } // namespace crow diff --git a/include/ssl_key_handler.hpp b/include/ssl_key_handler.hpp index 2a1a852..ef512e6 100644 --- a/include/ssl_key_handler.hpp +++ b/include/ssl_key_handler.hpp @@ -4,7 +4,6 @@ #include <openssl/bio.h> #include <openssl/dh.h> #include <openssl/dsa.h> -#include <openssl/dsa.h> #include <openssl/err.h> #include <openssl/evp.h> #include <openssl/pem.h> @@ -304,7 +303,7 @@ inline boost::asio::ssl::context get_ssl_context( std::string aes_only_ciphers = "AES128+EECDH:AES128+EDH:!aNULL:!eNULL"; if (SSL_CTX_set_cipher_list(m_ssl_context.native_handle(), - mozilla_compatibility_ciphers.c_str()) != 1) { + mozilla_modern_ciphers.c_str()) != 1) { CROW_LOG_ERROR << "Error setting cipher list\n"; } return m_ssl_context; diff --git a/include/webassets.hpp b/include/webassets.hpp index 3afa61f..6fd0d60 100644 --- a/include/webassets.hpp +++ b/include/webassets.hpp @@ -87,7 +87,7 @@ void request_routes(Crow<Middlewares...>& app) { } } } - app.route_dynamic(std::string(webpath.string()))( + app.route_dynamic(webpath.string())( [is_gzip, absolute_path_str, content_type](const crow::request& req, crow::response& res) { static const char* content_type_string = "Content-Type"; |