diff options
| author | Julien Dessaux | 2021-10-30 18:07:53 +0200 |
|---|---|---|
| committer | Julien Dessaux | 2021-10-30 23:39:46 +0200 |
| commit | f4b774638632bb7f697e6e4afbbeaac984535b40 (patch) | |
| tree | 4598f02f8076a7d8ba344719a853e1b4e628f2d6 | |
| parent | Added caching and security headers (diff) | |
| download | short-f4b774638632bb7f697e6e4afbbeaac984535b40.tar.gz short-f4b774638632bb7f697e6e4afbbeaac984535b40.tar.bz2 short-f4b774638632bb7f697e6e4afbbeaac984535b40.zip | |
Added security headers to non caching requests
| -rw-r--r-- | src/short.nim | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/src/short.nim b/src/short.nim index 392cf34..1822e20 100644 --- a/src/short.nim +++ b/src/short.nim @@ -23,6 +23,8 @@ const secureHeaders = @[ ("Permissions-Policy", "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()"), ("Strict-Transport-Security", "max-age=16000000;"), ] +const nonCachingHeaders = concat(secureHeaders, @[("Cache-Control", "max-age=0" )]) +const htmlHeaders = concat(nonCachingHeaders, @[("content-type", "text/html")]) const cachingHeaders = concat(secureHeaders, @[("Cache-Control", "public, max-age=31536000, immutable" )]) const cssHeaders = concat(cachingHeaders, @[("content-type", "text/css")]) const icoHeaders = concat(cachingHeaders, @[("content-type", "image/x-icon")]) @@ -115,14 +117,14 @@ proc handleIndexPost(params: Table[string, string]): (HttpCode, string) {.raises routes: get "/": - resp renderIndex() + resp Http200, htmlHeaders, renderIndex() get "/about": - resp renderAbout() + resp Http200, htmlHeaders, renderAbout() post "/": initDB() var (code, content) = handleIndexPost(request.params) if code != Http200: - resp code, content + resp code, htmlHeaders, content else: redirect("/" & content) get "/static/favicon.ico": @@ -134,7 +136,7 @@ routes: get "/@token": initDB() var (code, content) = handleToken(@"token") - resp code, content + resp code, htmlHeaders, content when isMainModule: runForever() |