feat: src/helmet.cpp: implement (cppalliance#230 (comment))

amlel-el-mahrouss · amlel-el-mahrouss · commit e75183df426e · 2025-12-21T20:44:13.000+01:00
Signed-off-by: Amlal El Mahrouss &lt;amlal@nekernel.org&gt;
diff --git a/include/boost/http_proto/server/helmet.hpp b/include/boost/http_proto/server/helmet.hpp
@@ -21,27 +21,33 @@ struct helmet_options
 {
     using helmet_pair = std::pair<std::string, std::vector<std::string>>;
     using helmet_map     = std::vector<helmet_pair>;
+    using cached_pair = std::pair<std::string, std::string>;
+    using cached_vector = std::vector<cached_pair>;
 
     /// \brief {key, enabled}
     /// \note i.e {bad-header, ""} <-- disabled
-    helmet_map requestHeaders = {
-        {"Content-Security-Policy", {"default-src 'self'", "base-uri 'self'", "font-src 'self' https: data:", "form-action 'self'", "frame-ancestors 'self'", 
-            "img-src 'self' data:", "object-src 'none'", "script-src 'self'", "script-src-attr 'none'", "style-src 'self' https: 'unsafe-inline'", "upgrade-insecure-requests"}},
-        {"Cross-Origin-Embedder-Policy", {"require-corp"}},
-        {"Cross-Origin-Opener-Policy", {"same-origin"}},
-        {"Cross-Origin-Resource-Policy", {"same-origin"}},
-        {"X-DNS-Prefetch-Control", {"off"}},
-        {"Expect-CT", {"max-age=86400, enforce"}},
-        {"X-Frame-Options", {"SAMEORIGIN"}},
-        {"X-Powered-By", {""}},  // Remove this header
-        {"Strict-Transport-Security", {"max-age=15552000", "includeSubDomains"}},
-        {"X-Download-Options", {"noopen"}},
-        {"X-Content-Type-Options", {"nosniff"}},
-        {"Origin-Agent-Cluster", {"?1"}},
-        {"X-Permitted-Cross-Domain-Policies", {"none"}},
-        {"Referrer-Policy", {"no-referrer"}},
-        {"X-XSS-Protection", {"0"}}  // Disabled as modern browsers have better protections
-    };
+    struct helmet_headers_option {
+        helmet_map headers = {
+            {"Content-Security-Policy", {"default-src 'self'", "base-uri 'self'", "font-src 'self' https: data:", "form-action 'self'", "frame-ancestors 'self'", 
+                "img-src 'self' data:", "object-src 'none'", "script-src 'self'", "script-src-attr 'none'", "style-src 'self' https: 'unsafe-inline'", "upgrade-insecure-requests"}},
+            {"Cross-Origin-Embedder-Policy", {"require-corp"}},
+            {"Cross-Origin-Opener-Policy", {"same-origin"}},
+            {"Cross-Origin-Resource-Policy", {"same-origin"}},
+            {"X-DNS-Prefetch-Control", {"off"}},
+            {"Expect-CT", {"max-age=86400, enforce"}},
+            {"X-Frame-Options", {"SAMEORIGIN"}},
+            {"X-Powered-By", {""}},  // Remove this header
+            {"Strict-Transport-Security", {"max-age=15552000", "includeSubDomains"}},
+            {"X-Download-Options", {"noopen"}},
+            {"X-Content-Type-Options", {"nosniff"}},
+            {"Origin-Agent-Cluster", {"?1"}},
+            {"X-Permitted-Cross-Domain-Policies", {"none"}},
+            {"Referrer-Policy", {"no-referrer"}},
+            {"X-XSS-Protection", {"0"}}  // Disabled as modern browsers have better protections
+        };
+        
+        cached_vector cachedHeaders;
+    } requestHeaders;
 };
 
 /// \brief Middleware inspired by express.js concept of helmets.
diff --git a/src/server/helmet.cpp b/src/server/helmet.cpp
@@ -29,24 +29,40 @@ namespace detail {
 
         return res_value;
     }
+
+    /// \note This function caches the function back to the **hdr** (here the cachedHeaders)
+    auto setCachedHeaderValues(std::vector<std::pair<std::string, std::string>>& hdr, 
+                                const std::pair<std::string, std::string>& pair) -> void {
+        if (pair.second.empty())
+            detail::throw_length_error();
+
+        hdr.push_back(pair);
+    }
 }
 
 helmet::
 helmet(
     helmet_options options) noexcept
     : options_(options)
 {
+        for (auto& hdr : options_.requestHeaders.headers)
+        {
+            std::string cachedResult = detail::setHeaderValues(hdr.second);
 
+            detail::setCachedHeaderValues(
+                options_.requestHeaders.cachedHeaders,
+                std::make_pair(hdr.first, cachedResult));
+        }
 }
 
 route_result
 helmet::
 operator()(
     route_params& p) const
 {
-    for (const auto& hdr : options_.requestHeaders)
+    for (const auto& hdr : options_.requestHeaders.cachedHeaders)
     {
-        p.res.set(hdr.first, detail::setHeaderValues(hdr.second));
+        p.res.set(hdr.first, hdr.second);
     }
 
     return route::next;

Original file line number	Diff line number	Diff line change
`@@ -29,24 +29,40 @@ namespace detail {`
`29`	`29`
`30`	`30`	`return res_value;`
`31`	`31`	`}`
	`32`	`+`
	`33`	`+ /// \note This function caches the function back to the hdr (here the cachedHeaders)`
	`34`	`+ auto setCachedHeaderValues(std::vector<std::pair<std::string, std::string>>& hdr,`
	`35`	`+ const std::pair<std::string, std::string>& pair) -> void {`
	`36`	`+ if (pair.second.empty())`
	`37`	`+ detail::throw_length_error();`
	`38`	`+`
	`39`	`+ hdr.push_back(pair);`
	`40`	`+ }`
`32`	`41`	`}`
`33`	`42`
`34`	`43`	`helmet::`
`35`	`44`	`helmet(`
`36`	`45`	`helmet_options options) noexcept`
`37`	`46`	`: options_(options)`
`38`	`47`	`{`
	`48`	`+ for (auto& hdr : options_.requestHeaders.headers)`
	`49`	`+ {`
	`50`	`+ std::string cachedResult = detail::setHeaderValues(hdr.second);`
`39`	`51`
	`52`	`+ detail::setCachedHeaderValues(`
	`53`	`+ options_.requestHeaders.cachedHeaders,`
	`54`	`+ std::make_pair(hdr.first, cachedResult));`
	`55`	`+ }`
`40`	`56`	`}`
`41`	`57`
`42`	`58`	`route_result`
`43`	`59`	`helmet::`
`44`	`60`	`operator()(`
`45`	`61`	`route_params& p) const`
`46`	`62`	`{`
`47`		`- for (const auto& hdr : options_.requestHeaders)`
	`63`	`+ for (const auto& hdr : options_.requestHeaders.cachedHeaders)`
`48`	`64`	`{`
`49`		`- p.res.set(hdr.first, detail::setHeaderValues(hdr.second));`
	`65`	`+ p.res.set(hdr.first, hdr.second);`
`50`	`66`	`}`
`51`	`67`
`52`	`68`	`return route::next;`