grassrootseconomics/openethereum
8
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Remove obsolete dapps and update security headers (#2694)

Browse Source 
* Embed allowed only on signer port

* Adding security headers to dapps

* Adding security headers to signer

* Removing old dapps
This commit is contained in:
Tomasz Drwięga
2016-10-19 11:02:21 +02:00
committed by Gav Wood
parent 487dfb0208
commit 5e67c89b4b
18 changed files with 123 additions and 93 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
devtools/src/http_client.rs
View File

@@ -64,3 +64,18 @@ pub fn request(address: &SocketAddr, request: &str) -> Response {
}
}
/// Check if all required security headers are present
pub fn assert_security_headers_present(headers: &[String]) {
assert!(
headers.iter().find(|header| header.as_str() == "X-Frame-Options: SAMEORIGIN").is_some(),
"X-Frame-Options missing: {:?}", headers
);
assert!(
headers.iter().find(|header| header.as_str() == "X-XSS-Protection: 1; mode=block").is_some(),
"X-XSS-Protection missing: {:?}", headers
);
assert!(
headers.iter().find(|header| header.as_str() == "X-Content-Type-Options: nosniff").is_some(),
"X-Content-Type-Options missing: {:?}", headers
);
}