cmd/packserver: add --frames option

Allows override of the X-Frame-Options header on the handler.
This commit is contained in:
Laurence Withers 2022-07-06 10:33:52 +01:00
parent 16d836da9a
commit 565a269cef
1 changed files with 20 additions and 0 deletions

View File

@ -51,6 +51,8 @@ func main() {
"Tell client how long it can cache data for; 0 means no caching")
rootCmd.Flags().String("fallback-404", "",
"Name of file to return if response would be 404 (spa.html or similar)")
rootCmd.Flags().String("frames", "sameorigin",
"Override X-Frame-Options header (can be sameorigin, deny, allow)")
if err := rootCmd.Execute(); err != nil {
fmt.Fprintln(os.Stderr, err)
@ -82,6 +84,23 @@ func run(c *cobra.Command, args []string) error {
certFile = keyFile
}
// parse frames header
framesHeader := "SAMEORIGIN"
frames, err := c.Flags().GetString("frames")
if err != nil {
return err
}
switch frames {
case "sameorigin":
framesHeader = "SAMEORIGIN"
case "allow":
framesHeader = ""
case "deny":
framesHeader = "DENY"
default:
return errors.New("--frames must be one of sameorigin, deny, allow")
}
// parse extra headers
extraHeaders := make(http.Header)
hdrs, err := c.Flags().GetStringSlice("header")
@ -169,6 +188,7 @@ func run(c *cobra.Command, args []string) error {
return fmt.Errorf("%s: fallback-404 resource %q "+
"not found in packfile", prefix, fallback404File)
}
packHandler.SetHeader("X-Frame-Options", framesHeader)
handler := &addHeaders{
extraHeaders: extraHeaders,