Allow setting no XSS header
grahamburgsma committed Oct 24, 2024
1 parent e1369d2 commit afd8032
Showing 2 changed files with 8 additions and 4 deletions.
8 changes: 6 additions & 2 deletions Sources/VaporSecurityHeaders/SecurityHeaders.swift
@@ -7,13 +7,17 @@ public struct SecurityHeaders {
init(contentTypeConfiguration: ContentTypeOptionsConfiguration = ContentTypeOptionsConfiguration(option: .nosniff),
contentSecurityPolicyConfiguration: ContentSecurityPolicyConfiguration = ContentSecurityPolicyConfiguration(value: ContentSecurityPolicy().defaultSrc(sources: CSPKeywords.`self`)),
frameOptionsConfiguration: FrameOptionsConfiguration = FrameOptionsConfiguration(option: .deny),
xssProtectionConfiguration: XSSProtectionConfiguration = XSSProtectionConfiguration(),
xssProtectionConfiguration: XSSProtectionConfiguration? = XSSProtectionConfiguration(),
hstsConfiguration: StrictTransportSecurityConfiguration? = nil,
serverConfiguration: ServerConfiguration? = nil,
contentSecurityPolicyReportOnlyConfiguration: ContentSecurityPolicyReportOnlyConfiguration? = nil,
referrerPolicyConfiguration: ReferrerPolicyConfiguration? = nil) {
configurations = [contentTypeConfiguration, contentSecurityPolicyConfiguration, frameOptionsConfiguration, xssProtectionConfiguration]
configurations = [contentTypeConfiguration, contentSecurityPolicyConfiguration, frameOptionsConfiguration]

if let xssProtectionConfiguration {
configurations.append(xssProtectionConfiguration)
}

if let hstsConfiguration = hstsConfiguration {
configurations.append(hstsConfiguration)
}
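Review bot: The added `if let xssProtectionConfiguration {` uses the Swift 5.7 shorthand, while the unchanged `if let hstsConfiguration = hstsConfiguration {` directly below it keeps the long form. If the package still declares a tools version below 5.7 (the manifest is not visible here), the shorthand will not compile for those users; writing `if let xssProtectionConfiguration = xssProtectionConfiguration {` keeps the initializer consistent and builds either way. The parameter is also now the only one of the first four that can be nil, so a short comment above it, such as `// nil omits the X-XSS-Protection header from every response`, would make the asymmetry intentional to the next reader. The initializer's body continues outside the hunk.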
4 changes: 2 additions & 2 deletions Sources/VaporSecurityHeaders/SecurityHeadersFactory.swift
@@ -4,7 +4,7 @@ public class SecurityHeadersFactory {
var contentTypeOptions = ContentTypeOptionsConfiguration(option: .nosniff)
var contentSecurityPolicy = ContentSecurityPolicyConfiguration(value: ContentSecurityPolicy().defaultSrc(sources: CSPKeywords.`self`))
var frameOptions = FrameOptionsConfiguration(option: .deny)
var xssProtection = XSSProtectionConfiguration()
var xssProtection: XSSProtectionConfiguration? = XSSProtectionConfiguration()
var hsts: StrictTransportSecurityConfiguration?
var server: ServerConfiguration?
var referrerPolicy: ReferrerPolicyConfiguration?
@@ -33,7 +33,7 @@ public class SecurityHeadersFactory {
return self
}

@discardableResult public func with(XSSProtection configuration: XSSProtectionConfiguration) -> SecurityHeadersFactory {
@discardableResult public func with(XSSProtection configuration: XSSProtectionConfiguration?) -> SecurityHeadersFactory {
xssProtection = configuration
return self
}
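Review bot: `with(XSSProtection:)` now accepts `nil`, but nothing on the method says what `nil` means, and the meaning matters for security. With `nil` the X-XSS-Protection header is left off the response entirely, which is not the same as sending a value that explicitly disables the legacy filter. Browsers that still implement that filter then fall back to their own default. I would add a doc comment above the method, for example `/// Passing nil omits the X-XSS-Protection header entirely; browsers that still implement the filter then use their own default.` The diffstat lists only the two source files, so this commit appears to add no test asserting that the header is absent from a response when `nil` is passed; one is worth adding alongside the existing header tests.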