[release] v0.9.21
This commit is contained in:
parent
75c0521ad9
commit
525146a210
|
@ -1,4 +1,4 @@
|
|||
## Version 0.9.20
|
||||
## Version 0.9.20 - 0.9.21
|
||||
- Add option to disable CORS hardening (with empty value)
|
||||
|
||||
## Version 0.9.19
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "cosmos-server",
|
||||
"version": "0.9.20",
|
||||
"version": "0.9.21",
|
||||
"description": "",
|
||||
"main": "test-server.js",
|
||||
"bugs": {
|
||||
|
|
|
@ -98,11 +98,14 @@ func NewProxy(targetHost string, AcceptInsecureHTTPSTarget bool, VerboseForwardH
|
|||
utils.Debug("Response from backend: " + resp.Status)
|
||||
utils.Debug("URL was " + resp.Request.URL.String())
|
||||
|
||||
if !DisableHeaderHardening {
|
||||
if CORSOrigin != "" {
|
||||
resp.Header.Del("Access-Control-Allow-Origin")
|
||||
resp.Header.Del("Access-Control-Allow-Methods")
|
||||
resp.Header.Del("Access-Control-Allow-Headers")
|
||||
resp.Header.Del("Access-Control-Allow-Credentials")
|
||||
}
|
||||
|
||||
if !DisableHeaderHardening {
|
||||
resp.Header.Del("Strict-Transport-Security")
|
||||
resp.Header.Del("X-Content-Type-Options")
|
||||
resp.Header.Del("Content-Security-Policy")
|
||||
|
|
Loading…
Reference in a new issue