github/halo - halo - https://git.xinac.net

Go to file

John Niang 09d4b40da8 Apply specific headers for portal endpoints (#2972 ) #### What type of PR is this? /kind improvement /area core #### What this PR does / why we need it: This PR separates security configuration of RESTful APIs and portal pages to configure specific headers for portal pages, such as `Referrer-Policy` and `X-Frame-Options`. #### Which issue(s) this PR fixes: Fixes https://github.com/halo-dev/halo/issues/2900 #### Special notes for your reviewer: You can see the response headers of index page: ```diff HTTP/1.1 200 OK Content-Type: text/html Content-Language: en-US + X-Content-Type-Options: nosniff + X-Frame-Options: SAMEORIGIN + X-XSS-Protection: 0 + Referrer-Policy: strict-origin-when-cross-origin content-encoding: gzip content-length: 4285 ``` and request headers with `Referer`: ```diff GET / HTTP/1.1 Host: localhost:8090 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br + Referer: http://localhost:8090/archives/12341234 Connection: keep-alive Cookie: _ga_Z907HJBP8W=GS1.1.1670164888.1.1.1670165603.0.0.0; _ga=GA1.1.807839437.1670164889; SESSION=539e060e-c11e-4b6d-a749-882905b30a88; XSRF-TOKEN=4b692b55-638c-4497-8a4b-be00986eda90 Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin Sec-Fetch-User: ?1 ``` #### Does this PR introduce a user-facing change? ```release-note 解决访问分析工具无法显示 referer 的问题 ```		2022-12-16 03:32:35 +00:00
.github	Enable CI on release branches (#2876 )	2022-12-08 10:46:26 +08:00
config/checkstyle	chore: add checkstyle rule (#2091 )	2022-05-17 06:46:11 +00:00
docs	Implement full-text search of posts with Lucene default (#2675 )	2022-11-11 16:12:13 +00:00
gradle/wrapper	Create basic project structure for halo 2.0 (#1699 )	2022-03-04 15:04:11 +08:00
hack	chore: add cherry_pick_pull.sh for cherry-picking pull request (#1554 )	2021-12-03 10:21:24 +08:00
src	Apply specific headers for portal endpoints (#2972 )	2022-12-16 03:32:35 +00:00
.editorconfig	refactor: next line config (#1844 )	2022-04-14 07:49:17 +00:00
.gitattributes	Refactor .gitignore	2019-04-03 11:37:59 +08:00
.gitignore	Initialize default theme when Halo starts up for the first time (#2704 )	2022-11-15 10:50:18 +00:00
CODE_OF_CONDUCT.md	docs: add CODE_OF_CONDUCT.md (#2150 )	2022-06-12 08:10:12 +00:00
CONTRIBUTING.md	chore: add cherry_pick_pull.sh for cherry-picking pull request (#1554 )	2021-12-03 10:21:24 +08:00
Dockerfile	Support command-line arguments running with Docker (#2942 )	2022-12-14 15:12:22 +00:00
LICENSE	Create LICENSE	2018-03-21 21:39:46 +08:00
OWNERS	[main] chore: update reviewers for OWNERS file (#2955 )	2022-12-15 04:00:12 +00:00
README.md	docs: update github workflow badge (#2974 )	2022-12-16 03:12:12 +00:00
SECURITY.md	Update SECURITY.md	2021-09-29 20:43:15 +08:00
build.gradle	chore: upgrade to PF4J 3.8.0 (#2772 )	2022-11-25 11:05:07 +00:00
gradle.properties	Bump halo version to 2.1.0-SNAPSHOT for next release (#2871 )	2022-12-07 06:56:55 +00:00
gradlew	Create basic project structure for halo 2.0 (#1699 )	2022-03-04 15:04:11 +08:00
gradlew.bat	Create basic project structure for halo 2.0 (#1699 )	2022-03-04 15:04:11 +08:00
settings.gradle	Bump Spring Boot to 3.0.0-RC1 (#2620 )	2022-10-25 02:56:11 +00:00

README.md

Halo [ˈheɪloʊ]，好用又强大的开源建站工具。

官网文档社区 Gitee Telegram 频道

快速开始

docker run \
  -it -d \
  --name halo \
  -p 8090:8090 \
  -v ~/.halo2:/root/.halo2 \
  -e HALO_EXTERNAL_URL=http://localhost:8090/ \
  -e HALO_SECURITY_INITIALIZER_SUPERADMINUSERNAME=admin \
  -e HALO_SECURITY_INITIALIZER_SUPERADMINPASSWORD=P@88w0rd \
  halohub/halo:2.0

以上仅作为体验使用，详细部署文档请查阅：https://docs.halo.run/getting-started/install/docker-compose

在线体验

环境地址：https://demo.halo.run
后台地址：https://demo.halo.run/console
用户名：demo
密码：P@ssw0rd123..

生态

可访问 awesome-halo 查看已经适用于 Halo 2.0 的主题和插件，以及适用于 Halo 1.x 的相关仓库。

README.md

快速开始

在线体验

生态

许可证

贡献

状态

README.md Unescape Escape

快速开始

在线体验

生态

许可证

贡献

状态

README.md