libcex  1.0.0
Modern C++11 embedded webserver library
cex::SecurityOptions Struct Reference

Contains all options for the sessionHandler middleware.

#include <security.hpp>

Public Attributes

int noDNSPrefetch
 If > -1, sets the X-DNS-Prefetch-Control header to on (1) or off (0) (default: 1)
 
bool ieNoOpen
 If true, sets the X-Download-Options header to noopen (default: true)
 
bool disableCache
 If true, sets several cache-related headers (default: true)
 
bool noSniff
 If true, sets the X-Content-Type-Options header to nosniff (default: true)
 
int referrer
 If set to a value other than refUnknown, sets the Referrer-Policy header (default: refUnknown)
 
bool xssProtection
 If true, sets the X-XSS-Protection header to 1; mode=block (default: true)
 
XFrame xFrameAllow
 If set to a value other than xfUnknown, sets the X-Frame-Options header (default: xfUnknown)
 
std::string xFrameFrom
 Sets the ALLOW-FROM name if the xFrameAllow option is set to xfFrom
 
int stsMaxAge
 If > 0, sets the Strict-Transport-Security header (default: 31536000)
 
bool stsIncludeSubDomains
 If the STS header is set, adds the includeSubdomains option (default: false)
 
bool stsPreload
 If the STS header is set, adds the preload option (default: false)
 
int hpkpMaxAge
 Sets the max-age option of the Public-Key-Pins header (default: 31536000). If hpkpMaxAge is not set, or hpkpKeys is empty, NO header is set.
 
std::vector< std::string > hpkpKeys
 Should contain the list of keys to add to the HPKP header. If hpkpMaxAge is not set, or hpkpKeys is empty, NO header is set.
 
bool hpkpIncludeSubDomains
 If the HPKP header is set, adds the includeSubdomains option (default: true)
 
std::string hpkpReportUri
 If the HPKP header is set, adds the report-uri option, if the string is non-empty (default: empty)
 

Detailed Description

Contains all options for the sessionHandler middleware.

Example:

std::shared_ptr<cex::SecurityOptions> opts(new cex::SecurityOptions());
opts.get()->hpkpKeys.push_back("someKey");
opts.get()->hpkpKeys.push_back("someKey2");
opts.get()->hpkpKeys.push_back("someKey3");
opts.get()->hpkpMaxAge= 183400;
opts.get()->xFrameAllow= cex::xfFrom;
opts.get()->xFrameFrom= "my.domain.de";
opts.get()->stsMaxAge= 183400;
opts.get()->stsPreload= true;
opts.get()->ieNoOpen= cex::no;
opts.get()->noDNSPrefetch= cex::no;
opts.get()->referrer= cex::refOriginWhenCrossOrigin;
app.use(cex::securityHeaders(opts));

will set the following headers:

X-DNS-Prefetch-Control: on
X-Frame-Options: ALLOW-FROM my.domain.de
Public-Key-Pins: pin-sha256="someKey"; pin-sha256="someKey2"; pin-sha256="someKey3"; max-age=183400; includeSubdomains
Strict-Transport-Security: max-age=183400; preload
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: 0
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
X-XSS-Protection: 1; mode=block
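
An added example, not part of libcex or its documentation: a stand-alone audit of the headers emitted above, flagging the ones current browsers ignore or have removed (X-Frame-Options ALLOW-FROM, Public-Key-Pins, X-XSS-Protection) and an HSTS preload directive that does not meet the preload-list requirements. The function names, the finding ids and the abridged sample map are assumptions made for this example.

```cpp
#include <cctype>
#include <cstdlib>
#include <iostream>
#include <map>
#include <sstream>
#include <string>
#include <vector>

// Strip whitespace and lower-case: directive names are case-insensitive.
static std::string norm(const std::string& s) {
    std::string r;
    for (unsigned char c : s)
        if (!std::isspace(c)) r += static_cast<char>(std::tolower(c));
    return r;
}

// Hypothetical helper, not a libcex API: returns finding ids for a header set.
std::vector<std::string> auditHeaders(const std::map<std::string, std::string>& h) {
    std::vector<std::string> out;
    auto xfo = h.find("X-Frame-Options");
    if (xfo != h.end() && norm(xfo->second).rfind("allow-from", 0) == 0)
        out.push_back("xfo-allow-from-obsolete");  // CSP frame-ancestors replaces it
    if (h.count("Public-Key-Pins")) out.push_back("hpkp-removed-from-browsers");
    if (h.count("X-XSS-Protection")) out.push_back("xss-protection-legacy");
    auto sts = h.find("Strict-Transport-Security");
    if (sts == h.end()) return out;
    long maxAge = -1;
    bool sub = false, preload = false;
    std::istringstream in(sts->second);
    for (std::string d; std::getline(in, d, ';');) {
        d = norm(d);
        if (d.compare(0, 8, "max-age=") == 0) maxAge = std::strtol(d.c_str() + 8, nullptr, 10);
        else if (d == "includesubdomains") sub = true;
        else if (d == "preload") preload = true;
    }
    // Preload-list submission requires includeSubDomains and max-age >= 31536000.
    if (preload && (!sub || maxAge < 31536000)) out.push_back("hsts-preload-ineligible");
    return out;
}

// Sample input taken from this page's example output (HPKP value abridged).
std::map<std::string, std::string> pageExample() {
    return {{"X-Frame-Options", "ALLOW-FROM my.domain.de"},
            {"Public-Key-Pins", "pin-sha256=\"someKey\"; max-age=183400; includeSubdomains"},
            {"Strict-Transport-Security", "max-age=183400; preload"},
            {"X-XSS-Protection", "1; mode=block"}};
}

int main() { for (const auto& f : auditHeaders(pageExample())) std::cout << f << '\n'; }
```

With the option values from the example, all four findings are reported; setting xFrameAllow to xfSameOrigin, leaving hpkpKeys empty, and pairing stsPreload with stsIncludeSubDomains and the default stsMaxAge clears three of them.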

Member Data Documentation

◆ disableCache

bool cex::SecurityOptions::disableCache

If true, sets several cache-related headers (default: true)

Sets the following headers:

  • Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate
  • Pragma: no-cache
  • Expires: 0

◆ referrer

int cex::SecurityOptions::referrer

If set to a value other than refUnknown, sets the Referrer-Policy header (default: refUnknown)

Sets the header according to the supplied enum value:

  • refNoReferrer sets Referrer-Policy: no-referrer
  • refNoReferrerWhenDowngrade sets Referrer-Policy: no-referrer-when-downgrade
  • refSameOrigin sets Referrer-Policy: same-origin
  • refOrigin sets Referrer-Policy: origin
  • refStrictOrigin sets Referrer-Policy: strict-origin
  • refOriginWhenCrossOrigin sets Referrer-Policy: origin-when-cross-origin
  • refStrictOriginWhenCrossOrigin sets Referrer-Policy: strict-origin-when-cross-origin
  • refUnsafeUrl sets Referrer-Policy: unsafe-url

◆ xFrameAllow

XFrame cex::SecurityOptions::xFrameAllow

If set to a value other than xfUnknown, sets the X-Frame-Options header (default: xfUnknown)

Sets the header according to the supplied value:

  • xfFrom sets X-Frame-Options: ALLOW-FROM followed by the string supplied in the xFrameFrom option
  • xfDeny sets X-Frame-Options: DENY
  • xfSameOrigin sets X-Frame-Options: SAMEORIGIN
