mirror of https://github.com/znc/znc.git
synced 2026-06-11 09:15:01 +02:00
f71e021e3b
Close #2012.

Add X-Frame-Options: SAMEORIGIN, X-Content-Type-Options: nosniff and Referrer-Policy: same-origin to every response so webadmin and module pages are framed/sniff-protected by default. Add no-store Cache-Control and Pragma: no-cache on dynamic responses so shared workstations can't replay authenticated pages from browser history. Skip the cache headers for 304 and for static asset MIME types (image, font, text/css, application/javascript) that the existing ETag/Last-Modified path on PrintFile already handles.

Per review feedback: the emitter is a private WriteHardeningHeaders that writes each line via the socket directly from PrintHeader, not a public helper returning a temporary VCString. Callers can override a default value with AddHeader, or suppress one outright with the new public OmitHardeningHeader(name).

Tests: drive PrintHeader on a CHTTPSock subclass that captures Write() calls, then assert with gmock matchers (Contains(StartsWith(...))).
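The header policy the commit message describes, as a standalone model added here for illustration; it is not ZNC's code and does not reproduce CHTTPSock, PrintHeader or WriteHardeningHeaders. The names BuildHardeningHeaders, HardeningPolicy, Override and Omit are assumptions standing in for the AddHeader override and OmitHardeningHeader suppression the message mentions, and where ZNC writes each line straight to the socket, this model returns the lines so they can be checked without a socket or gmock. The 304 and static-MIME skip rule is taken from the message; the decision to compare on the media type with parameters such as charset stripped is mine.

```cpp
// Added example, not ZNC's implementation: models the hardening-header policy
// from the commit message as a pure function over (status, Content-Type, policy).
#include <algorithm>
#include <cctype>
#include <iostream>
#include <map>
#include <set>
#include <string>
#include <utility>
#include <vector>

// HTTP header names are case-insensitive, so overrides/omits are keyed on a lowered name.
static std::string Lower(std::string s) {
    for (char& c : s) c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    return s;
}

// Static asset types keep the existing ETag/Last-Modified caching, so they do not get
// no-store. Only the media type is compared: "text/css; charset=utf-8" still counts.
static bool IsStaticAssetType(const std::string& contentType) {
    std::string type = Lower(contentType.substr(0, contentType.find(';')));
    while (!type.empty() && std::isspace(static_cast<unsigned char>(type.back()))) type.pop_back();
    return type.rfind("image/", 0) == 0 || type.rfind("font/", 0) == 0 ||
           type == "text/css" || type == "application/javascript";
}

// Hypothetical per-response policy: Override mirrors an AddHeader-style value change,
// Omit mirrors OmitHardeningHeader(name) suppressing a default outright.
struct HardeningPolicy {
    std::map<std::string, std::string> overrides;  // lowered name -> replacement value
    std::set<std::string> omitted;                  // lowered names to suppress

    void Override(const std::string& name, const std::string& value) { overrides[Lower(name)] = value; }
    void Omit(const std::string& name) { omitted.insert(Lower(name)); }
};

// Returns the "Name: value" lines an emitter would write for one response.
std::vector<std::string> BuildHardeningHeaders(int status, const std::string& contentType,
                                               const HardeningPolicy& policy) {
    std::vector<std::pair<std::string, std::string>> defaults = {
        {"X-Frame-Options", "SAMEORIGIN"},
        {"X-Content-Type-Options", "nosniff"},
        {"Referrer-Policy", "same-origin"},
    };
    // Cache headers only on full, dynamic responses: 304 has no body to protect, and
    // static assets are already governed by the ETag/Last-Modified path.
    if (status != 304 && !IsStaticAssetType(contentType)) {
        defaults.push_back({"Cache-Control", "no-store"});
        defaults.push_back({"Pragma", "no-cache"});
    }
    std::vector<std::string> lines;
    for (const auto& h : defaults) {
        const std::string key = Lower(h.first);
        if (policy.omitted.count(key)) continue;
        auto it = policy.overrides.find(key);
        const std::string& value = (it != policy.overrides.end()) ? it->second : h.second;
        lines.push_back(h.first + ": " + value);
    }
    return lines;
}

// Convenience check in the spirit of Contains(StartsWith(...)): is this exact line emitted?
bool Emits(const std::vector<std::string>& lines, const std::string& line) {
    return std::find(lines.begin(), lines.end(), line) != lines.end();
}

int main() {
    HardeningPolicy policy;
    for (const auto& line : BuildHardeningHeaders(200, "text/html; charset=utf-8", policy))
        std::cout << line << "\r\n";
    return 0;
}
```

The cases worth asserting are the ones the message calls out: a dynamic 200 gets all five headers, a 304 and a text/css response get only the three framing/sniff/referrer headers, an override changes a value without changing the header name, and an omit removes the line entirely rather than emitting an empty value.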