diff --git a/cmd/whatismyip.go b/cmd/whatismyip.go
index 1642c9c..0516c8a 100644
--- a/cmd/whatismyip.go
+++ b/cmd/whatismyip.go
@@ -13,11 +13,12 @@ import (
 "github.com/dcarrillo/whatismyip/internal/httputils"
 "github.com/dcarrillo/whatismyip/internal/setting"
+ "github.com/gin-gonic/contrib/secure"
+ "github.com/dcarrillo/whatismyip/models"
 "github.com/dcarrillo/whatismyip/router"
 "github.com/gin-gonic/gin"
- "github.com/unrolled/secure"
 )
 var (
@@ -140,27 +141,12 @@ func setupEngine() {
 engine.Use(gin.LoggerWithFormatter(httputils.GetLogFormatter))
 engine.Use(gin.Recovery())
 if setting.App.EnableSecureHeaders {
- engine.Use(addSecureHeaders())
+ engine.Use(secure.Secure(secure.Options{
+ BrowserXssFilter: true,
+ ContentTypeNosniff: true,
+ FrameDeny: true,
+ }))
 }
 _ = engine.SetTrustedProxies(nil)
 engine.TrustedPlatform = setting.App.TrustedHeader
 }
-
-func addSecureHeaders() gin.HandlerFunc {
- return func(c *gin.Context) {
- err := secure.New(secure.Options{
- BrowserXssFilter: true,
- ContentTypeNosniff: true,
- FrameDeny: true,
- }).Process(c.Writer, c.Request)
- if err != nil {
- c.Abort()
- return
- }
-
- // Avoid header rewrite if response is a redirection.
- if status := c.Writer.Status(); status > 300 && status < 399 {
- c.Abort()
- }
- }
-}
diff --git a/go.mod b/go.mod
index 691fdab..7dd6583 100644
--- a/go.mod
+++ b/go.mod
@@ -3,11 +3,11 @@ module github.com/dcarrillo/whatismyip
 go 1.18
 require (
+ github.com/gin-gonic/contrib v0.0.0-20201101042839-6a891bf89f19
 github.com/gin-gonic/gin v1.7.7
 github.com/oschwald/maxminddb-golang v1.9.0
 github.com/stretchr/testify v1.7.1
 github.com/testcontainers/testcontainers-go v0.12.0
- github.com/unrolled/secure v1.10.0
 )
 require (
diff --git a/go.sum b/go.sum
index 873bb2d..3e68f01 100644
--- a/go.sum
+++ b/go.sum
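Review bot: The behaviour of the new `secure.Secure(...)` middleware on a failed `Process` and on redirect responses should be confirmed, because the removed `addSecureHeaders` explicitly aborted the chain in both cases (`c.Abort()` after the error check and again for 3xx statuses) while the replacement inside the `if setting.App.EnableSecureHeaders` branch relies entirely on the library for that. The removed body reads like a copy of the wrapper in github.com/gin-gonic/contrib/secure, so this is probably equivalent, but a one-line comment recording it would save the next reader the lookup: `// secure.Secure aborts the chain on Process errors and on 3xx responses (gin-gonic/contrib/secure).` Separately, `BrowserXssFilter: true` emits `X-XSS-Protection: 1; mode=block`, a header current browsers no longer honour and which the OWASP headers guidance now recommends setting to `0` or omitting; if it is kept, a comment on that option stating it is retained deliberately for legacy clients would document the decision. setupEngine's body begins outside the hunk.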
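Review bot: The new requirement pins `github.com/gin-gonic/contrib` to the pseudo-version `v0.0.0-20201101042839-6a891bf89f19`, a bare commit with no tagged release, whereas the dependency it replaces was the tagged `github.com/unrolled/secure v1.10.0`. For the module that supplies the security headers this makes upgrades and advisory matching (`govulncheck`, Dependabot) harder, and as far as I recall gin-gonic/contrib has been superseded by the gin-contrib organisation and its `secure` package itself imports `github.com/unrolled/secure`, so the removed library likely remains in the build as an indirect dependency rather than disappearing. Consider keeping the direct, tagged requirement (or moving to a maintained tagged wrapper), and if the pseudo-version stays, add `// pinned to a commit: the module has no tagged releases` beside it so the choice is visible to whoever next runs `go get -u`.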
@@ -292,6 +292,8 @@ github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2H
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
 github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
+github.com/gin-gonic/contrib v0.0.0-20201101042839-6a891bf89f19 h1:J2LPEOcQmWaooBnBtUDV9KHFEnP5LYTZY03GiQ0oQBw=
+github.com/gin-gonic/contrib v0.0.0-20201101042839-6a891bf89f19/go.mod h1:iqneQ2Df3omzIVTkIfn7c1acsVnMGiSLn4XF5Blh3Yg=
 github.com/gin-gonic/gin v1.7.7 h1:3DoBmSbJbZAWqXJC3SLjAPfutPJJRN1U5pALB7EeTTs=
 github.com/gin-gonic/gin v1.7.7/go.mod h1:axIBovoeJpVj8S3BwE0uPMTeReE4+AfFtqpqaZ1qq1U=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
@@ -696,8 +698,6 @@ github.com/ugorji/go v1.2.7/go.mod h1:nF9osbDWLy6bDVv/Rtoh6QgnvNDpmCalQV5urGCCS6
 github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
 github.com/ugorji/go/codec v1.2.7 h1:YPXUKf7fYbp/y8xloBqZOw2qaVggbfwMlI8WM3wZUJ0=
 github.com/ugorji/go/codec v1.2.7/go.mod h1:WGN1fab3R1fzQlVQTkfxVtIBhWDRqOviHU95kRgeqEY=
-github.com/unrolled/secure v1.10.0 h1:TBNP42z2AB+2pW9PR6vdbqhlQuv1iTeSVzK1qHjOBzA=
-github.com/unrolled/secure v1.10.0/go.mod h1:BmF5hyM6tXczk3MpQkFf1hpKSRqCyhqcbiQtiAF7+40=
 github.com/urfave/cli v0.0.0-20171014202726-7bc6a0acffa5/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
 github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
 github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
diff --git a/integration-tests/integration_test.go b/integration-tests/integration_test.go
index 1ae4b1c..b85434e 100644
--- a/integration-tests/integration_test.go
+++ b/integration-tests/integration_test.go
@@ -83,5 +83,8 @@ func TestContainerIntegration(t *testing.T) {
 }
 assert.NoError(t, json.Unmarshal(body, &router.JSONResponse{}))
+ assert.Equal(t, "DENY", resp.Header.Get("X-Frame-Options"))
+ assert.Equal(t, "nosniff", resp.Header.Get("X-Content-Type-Options"))
+ assert.Equal(t, "1; mode=block", resp.Header.Get("X-Xss-Protection"))
 }
 }
diff --git a/router/generic_test.go b/router/generic_test.go
index 6ac258f..02ee2f3 100644
--- a/router/generic_test.go
+++ b/router/generic_test.go
@@ -165,6 +165,7 @@ func TestClientPort(t *testing.T) {
 assert.Equal(t, 200, w.Code)
 assert.Equal(t, contentType.text, w.Header().Get("Content-Type"))
 assert.Equal(t, tt.expected, w.Body.String())
+ t.Log(w.Header())
 })
 }
 }
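Review bot: The three expected values added after the `json.Unmarshal` check are literals that mirror the middleware options configured in `cmd/whatismyip.go` (`FrameDeny`, `ContentTypeNosniff`, `BrowserXssFilter`), and nothing in the test says so, which makes it easy for the two to drift when an option is changed. A short comment above the block, `// Expected values follow the secure.Options set in setupEngine; keep both in sync.`, would record the coupling. Since the assertions only cover the enabled case, it is also worth noting in that comment that the container under test is expected to run with secure headers enabled, as the test would otherwise fail for a configuration reason rather than a regression. TestContainerIntegration's body begins outside the hunk.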
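Review bot: The added `t.Log(w.Header())` in TestClientPort looks like leftover debugging output: it dumps the full header map for every subtest without asserting anything and only adds noise under `go test -v`. Either drop the line or replace it with an assertion on the header you were inspecting, e.g. `assert.Equal(t, "DENY", w.Header().Get("X-Frame-Options"))`, bearing in mind that this only holds if the router test engine installs the secure middleware, which the diff suggests is done in `setupEngine` in cmd rather than in the router package. TestClientPort's body begins outside the hunk.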