mirror of https://github.com/halo-dev/halo
#### What type of PR is this?

/kind improvement
/area core

#### What this PR does / why we need it:

This PR separates security configuration of RESTful APIs and portal pages to configure specific headers for portal pages, such as `Referrer-Policy` and `X-Frame-Options`.

#### Which issue(s) this PR fixes:

Fixes https://github.com/halo-dev/halo/issues/2900

#### Special notes for your reviewer:

You can see the response headers of index page:

```diff
HTTP/1.1 200 OK
Content-Type: text/html
Content-Language: en-US
+ X-Content-Type-Options: nosniff
+ X-Frame-Options: SAMEORIGIN
+ X-XSS-Protection: 0
+ Referrer-Policy: strict-origin-when-cross-origin
content-encoding: gzip
content-length: 4285
```

and request headers with `Referer`:

```diff
GET / HTTP/1.1
Host: localhost:8090
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
+ Referer: http://localhost:8090/archives/12341234
Connection: keep-alive
Cookie: _ga_Z907HJBP8W=GS1.1.1670164888.1.1.1670165603.0.0.0; _ga=GA1.1.807839437.1670164889; SESSION=539e060e-c11e-4b6d-a749-882905b30a88; XSRF-TOKEN=4b692b55-638c-4497-8a4b-be00986eda90
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
```

#### Does this PR introduce a user-facing change?

```release-note
Fix the issue where web analytics tools could not display the referer
```
- .github
- config/checkstyle
- docs
- gradle/wrapper
- hack
- src
- .editorconfig
- .gitattributes
- .gitignore
- CODE_OF_CONDUCT.md
- CONTRIBUTING.md
- Dockerfile
- LICENSE
- OWNERS
- README.md
- SECURITY.md
- build.gradle
- gradle.properties
- gradlew
- gradlew.bat
- settings.gradle
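The commit message above has portal pages send `Referrer-Policy: strict-origin-when-cross-origin`, and its sample request carries the full post URL as `Referer`. The following added example (not code from Halo or from the PR) models how a browser derives `Referer` under that policy. `stats.example` and `blog.example` are constructed hosts, and the downgrade check is simplified to a scheme comparison.

```javascript
// Added example: simplified model of how a browser derives the Referer header
// from the Referrer-Policy of the page that issues the request.
// Assumption: a "downgrade" is judged by scheme only (https -> non-https).

function stripForReferrer(url, originOnly) {
  const u = new URL(url);
  if (originOnly) return u.origin + "/";
  u.username = "";
  u.password = "";
  u.hash = ""; // credentials and fragments are never sent in Referer
  return u.href;
}

function computeReferer(policy, fromUrl, toUrl) {
  const from = new URL(fromUrl);
  const to = new URL(toUrl);
  const sameOrigin = from.origin === to.origin;
  const downgrade = from.protocol === "https:" && to.protocol !== "https:";

  switch (policy) {
    case "no-referrer":
      return null;
    case "same-origin":
      return sameOrigin ? stripForReferrer(fromUrl, false) : null;
    case "strict-origin":
      return downgrade ? null : stripForReferrer(fromUrl, true);
    case "strict-origin-when-cross-origin":
      if (sameOrigin) return stripForReferrer(fromUrl, false);
      return downgrade ? null : stripForReferrer(fromUrl, true);
    default:
      throw new Error("policy not modelled: " + policy);
  }
}

// Constructed inputs; only the localhost URL comes from the request on this page.
const POLICY = "strict-origin-when-cross-origin";
const post = "http://localhost:8090/archives/12341234";
const cases = [
  ["same-origin navigation", POLICY, post, "http://localhost:8090/"],
  ["cross-origin request", POLICY, post, "http://stats.example/collect"],
  ["https to http downgrade", POLICY, "https://blog.example/archives/1#top", "http://stats.example/collect"],
  ["no-referrer, for contrast", "no-referrer", post, "http://localhost:8090/"],
];
for (const [label, policy, from, to] of cases) {
  console.log(label.padEnd(26), "->", computeReferer(policy, from, to));
}
```

A first-party analytics script sees the full post URL, while a third-party origin learns only `http://localhost:8090/`.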
README.md
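Halo [ˈheɪloʊ], a powerful and easy-to-use open-source website building tool.
Quick start
```bash
# Start Halo 2.0 in the background; data is persisted in ~/.halo2 on the host
docker run \
  -it -d \
  --name halo \
  -p 8090:8090 \
  -v ~/.halo2:/root/.halo2 \
  -e HALO_EXTERNAL_URL=http://localhost:8090/ \
  -e HALO_SECURITY_INITIALIZER_SUPERADMINUSERNAME=admin \
  -e HALO_SECURITY_INITIALIZER_SUPERADMINPASSWORD=P@88w0rd \
  halohub/halo:2.0
```
The command above is for trial use only. For detailed deployment documentation, see: https://docs.halo.run/getting-started/install/docker-compose
Online demo
- Demo site: https://demo.halo.run
- Admin console: https://demo.halo.run/console
- Username: `demo`
- Password: `P@ssw0rd123..`
Ecosystem
Visit awesome-halo for themes and plugins already compatible with Halo 2.0, as well as related repositories for Halo 1.x.
License
Halo is open source under the GPL-v3.0 license; please comply with the license terms.
Contributing
See CONTRIBUTING.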