From: bert hubert <bert.hubert@netherlabs.nl>
Date: Fri, 29 Apr 2016 11:13:17 +0000 (+0200)
Subject: Merge pull request #3754 from rgacogne/dnsdist-custom-headers
X-Git-Tag: rec-4.0.0-alpha3~28
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=eaf3e4dc8f2bb610bb2411b1da59b2a7bc0a84cd;p=thirdparty%2Fpdns.git

Merge pull request #3754 from rgacogne/dnsdist-custom-headers

dnsdist: Allow the use of custom headers in the web server
---

eaf3e4dc8f2bb610bb2411b1da59b2a7bc0a84cd
diff --cc pdns/dnsdist-web.cc
index 4ebda9cfa7,4514357317..52f1719616
--- a/pdns/dnsdist-web.cc
+++ b/pdns/dnsdist-web.cc
@@@ -87,14 -120,12 +120,13 @@@ static void connectionThread(int sock, 
  
      req.getvars.erase("_"); // jQuery cache buster
  
 -    YaHTTP::Response resp(req);
 +    YaHTTP::Response resp;
 +    resp.version = req.version;
      const string charset = "; charset=utf-8";
-     resp.headers["X-Content-Type-Options"] = "nosniff";
-     resp.headers["X-Frame-Options"] = "deny";
-     resp.headers["X-Permitted-Cross-Domain-Policies"] = "none";
-     resp.headers["X-XSS-Protection"] = "1; mode=block";
-     resp.headers["Content-Security-Policy"] = "default-src 'self'; style-src 'self' 'unsafe-inline'";
+ 
+     addCustomHeaders(resp, customHeaders);
+     addSecurityHeaders(resp, customHeaders);
+ 
      /* no need to send back the API key if any */
      resp.headers.erase("X-API-Key");