Edit headers core plugins to use lua Code + Add new setting KEEP_UPSTREAM_HEADERS
parent
299a0b5c25
commit
5c7cd38b51
|
@ -0,0 +1,9 @@
|
|||
{% for k, v in all.items() %}
|
||||
{% if k.startswith("COOKIE_FLAGS") and v != "" +%}
|
||||
{% if COOKIE_AUTO_SECURE_FLAG == "yes" and (AUTO_LETS_ENCRYPT == "yes" or USE_CUSTOM_SSL == "yes" or GENERATE_SELF_SIGNED_SSL == "yes") +%}
|
||||
set_cookie_flag {{ v }} secure;
|
||||
{% else +%}
|
||||
set_cookie_flag {{ v }};
|
||||
{% endif +%}
|
||||
{% endif +%}
|
||||
{% endfor %}
|
|
@ -1,5 +0,0 @@
|
|||
{% for k, v in all.items() +%}
|
||||
{% if k.startswith("CUSTOM_HEADER") and v != "" +%}
|
||||
more_set_headers "{{ v }}";
|
||||
{% endif %}
|
||||
{% endfor %}
|
|
@ -1,5 +0,0 @@
|
|||
{% if REMOVE_HEADERS != "" %}
|
||||
{% for header in REMOVE_HEADERS.split(" ") +%}
|
||||
more_clear_headers '{{ header }}';
|
||||
{% endfor %}
|
||||
{% endif %}
|
|
@ -1,41 +0,0 @@
|
|||
{% if STRICT_TRANSPORT_SECURITY != "" and (AUTO_LETS_ENCRYPT == "yes" or USE_CUSTOM_SSL == "yes" or GENERATE_SELF_SIGNED_SSL == "yes") +%}
|
||||
more_set_headers "Strict-Transport-Security: {{ STRICT_TRANSPORT_SECURITY }}";
|
||||
{% endif +%}
|
||||
|
||||
{% for k, v in all.items() %}
|
||||
{% if k.startswith("COOKIE_FLAGS") and v != "" +%}
|
||||
{% if COOKIE_AUTO_SECURE_FLAG == "yes" and (AUTO_LETS_ENCRYPT == "yes" or USE_CUSTOM_SSL == "yes" or GENERATE_SELF_SIGNED_SSL == "yes") +%}
|
||||
set_cookie_flag {{ v }} secure;
|
||||
{% else +%}
|
||||
set_cookie_flag {{ v }};
|
||||
{% endif +%}
|
||||
{% endif +%}
|
||||
{% endfor %}
|
||||
|
||||
{% if CONTENT_SECURITY_POLICY != "" +%}
|
||||
more_set_headers "Content-Security-Policy: {{ CONTENT_SECURITY_POLICY }}";
|
||||
{% endif +%}
|
||||
|
||||
{% if REFERRER_POLICY != "" +%}
|
||||
more_set_headers "Referrer-Policy: {{ REFERRER_POLICY }}";
|
||||
{% endif +%}
|
||||
|
||||
{% if PERMISSIONS_POLICY != "" +%}
|
||||
more_set_headers "Permissions-Policy: {{ PERMISSIONS_POLICY }}";
|
||||
{% endif +%}
|
||||
|
||||
{% if FEATURE_POLICY != "" +%}
|
||||
more_set_headers "Feature-Policy: {{ FEATURE_POLICY }}";
|
||||
{% endif +%}
|
||||
|
||||
{% if X_FRAME_OPTIONS != "" +%}
|
||||
more_set_headers "X-Frame-Options: {{ X_FRAME_OPTIONS }}";
|
||||
{% endif +%}
|
||||
|
||||
{% if X_CONTENT_TYPE_OPTIONS != "" +%}
|
||||
more_set_headers "X-Content-Type-Options: {{ X_CONTENT_TYPE_OPTIONS }}";
|
||||
{% endif +%}
|
||||
|
||||
{% if X_XSS_PROTECTION != "" +%}
|
||||
more_set_headers "X-XSS-Protection: {{ X_XSS_PROTECTION }}";
|
||||
{% endif +%}
|
|
@ -0,0 +1,70 @@
|
|||
local class = require "middleclass"
|
||||
local plugin = require "bunkerweb.plugin"
|
||||
local utils = require "bunkerweb.utils"
|
||||
|
||||
local headers = class("headers", plugin)
|
||||
|
||||
function headers:initialize()
|
||||
-- Call parent initialize
|
||||
plugin.initialize(self, "headers")
|
||||
self.all_headers = {
|
||||
["STRICT_TRANSPORT_SECURITY"] = "Strict-Transport-Security",
|
||||
["CONTENT_SECURITY_POLICY"] = "Content-Security-Policy",
|
||||
["REFERRER_POLICY"] = "Referrer-Policy",
|
||||
["PERMISSIONS_POLICY"] = "Permissions-Policy",
|
||||
["FEATURE_POLICY"] = "Feature-Policy",
|
||||
["X_FRAME_OPTIONS"] = "X-Frame-Options",
|
||||
["X_CONTENT_TYPE_OPTIONS"] = "X-Content-Type-Options",
|
||||
["X_XSS_PROTECTION"] = "X-XSS-Protection"
|
||||
}
|
||||
end
|
||||
|
||||
function headers:header()
|
||||
-- Override upstream headers if needed
|
||||
for variable, header in pairs(self.all_headers) do
|
||||
if ngx.header[header] == nil or self.variables[variable] and self.variables["KEEP_UPSTREAM_HEADERS"] ~= "*" and utils.regex_match(self.variables["KEEP_UPSTREAM_HEADERS"], "(^| )" .. header .. "($| )") == nil then
|
||||
if header ~= "Strict-Transport-Security" or self.variables["AUTO_LETS_ENCRYPT"] == "yes" or self.variables["USE_CUSTOM_SSL"] == "yes" or self.variables["GENERATE_SELF_SIGNED_SSL"] == "yes" then
|
||||
ngx.header[header] = self.variables[variable]
|
||||
end
|
||||
end
|
||||
end
|
||||
-- Get variables
|
||||
local variables, err = utils.get_multiple_variables({ "CUSTOM_HEADER" })
|
||||
if variables == nil then
|
||||
return self:ret(false, err)
|
||||
end
|
||||
-- Add custom headers
|
||||
for srv, vars in pairs(variables) do
|
||||
if srv == ngx.var.server_name then
|
||||
for var, value in pairs(vars) do
|
||||
if utils.regex_match(var, "CUSTOM_HEADER") and value then
|
||||
local m = utils.regex_match(value, "([\\w-]+): ([^,]+)")
|
||||
if m then
|
||||
ngx.header[m[1]] = m[2]
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
-- Remove headers
|
||||
if self.variables["REMOVE_HEADERS"] then
|
||||
local iterator, err = ngx.re.gmatch(self.variables["REMOVE_HEADERS"], "([\\w-]+)")
|
||||
if not iterator then
|
||||
return self:ret(false, "Error while matching remove headers: " .. err)
|
||||
end
|
||||
while true do
|
||||
local m, err = iterator()
|
||||
if err then
|
||||
return self:ret(false, "Error while matching remove headers: " .. err)
|
||||
end
|
||||
if not m then
|
||||
-- No more remove headers
|
||||
break
|
||||
end
|
||||
ngx.header[m[1]] = nil
|
||||
end
|
||||
end
|
||||
return self:ret(true, "Edited headers for request")
|
||||
end
|
||||
|
||||
return headers
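Review bot: The `!= ""` guard that the removed template put around every header (`{% if CONTENT_SECURITY_POLICY != "" %}` and its siblings) is not carried into the loop in `headers:header()`. An empty string is truthy in Lua, so, assuming an unset setting arrives as `""`, `self.variables[variable]` passes the `and` chain and `ngx.header[header] = self.variables[variable]` runs with an empty value. When `KEEP_UPSTREAM_HEADERS` is not `*` and does not list the header, that assignment would blank or clear a security header the upstream did send (which of the two depends on how `ngx.header` treats `""`, worth confirming). Reading the value once with `local value = self.variables[variable]` and requiring `value ~= nil and value ~= ""` before the assignment restores the old behaviour. Separately, the custom-header pattern `([\\w-]+): ([^,]+)` is unanchored, unlike the `^…$` regex in the settings file, so a value that reaches this code without that validation would be cut at the first comma instead of being rejected.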
|
|
@ -11,7 +11,7 @@
|
|||
"help": "Custom header to add (HeaderName: HeaderValue).",
|
||||
"id": "custom-header",
|
||||
"label": "Custom header (HeaderName: HeaderValue)",
|
||||
"regex": "^([\\w-]+: .+)?$",
|
||||
"regex": "^([\\w-]+: [^,]+)?$",
|
||||
"type": "text",
|
||||
"multiple": "custom-headers"
|
||||
},
|
||||
|
@ -24,6 +24,15 @@
|
|||
"regex": "^(?! )( ?[\\w-]+)*$",
|
||||
"type": "text"
|
||||
},
|
||||
"KEEP_UPSTREAM_HEADERS": {
|
||||
"context": "multisite",
|
||||
"default": "*",
|
||||
"help": "Headers to keep from upstream (Header1 Header2 Header3 ... or * for all).",
|
||||
"id": "keep-upstream-headers",
|
||||
"label": "Keep upstream headers",
|
||||
"regex": "^((?! )( ?[\\w-]+)+|\\*)?$",
|
||||
"type": "text"
|
||||
},
|
||||
"STRICT_TRANSPORT_SECURITY": {
|
||||
"context": "multisite",
|
||||
"default": "max-age=31536000",
|
||||
|
|
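Review bot: The `"default": "*"` on `KEEP_UPSTREAM_HEADERS` changes which side wins by default. The removed templates set each header with `more_set_headers`, which replaces a header of the same name, whereas the new Lua condition leaves any header the upstream already sent untouched when the value is `*`. A backend that emits a weaker `Content-Security-Policy` or a short `Strict-Transport-Security` max-age would then take precedence over the values configured here, without any setting having been changed. Consider `"default": "",`, which the regex already accepts and which the Lua condition appears to treat as "keep none". Failing that, the help text should state the precedence, e.g. `"help": "Headers to keep from upstream (Header1 Header2 Header3 ... or * for all). Kept headers take precedence over the values configured in this plugin.",`.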