
Commit d297f5d

feat: helmet middleware for http_proto and unit tests.
Signed-off-by: Amlal El Mahrouss <[email protected]>
1 parent 08339fe commit d297f5d


3 files changed

+147
-0
lines changed

Lines changed: 64 additions & 0 deletions
@@ -0,0 +1,64 @@
1+
//
2+
// Copyright (c) 2025 Amlal El Mahrouss (amlal at nekernel dot org)
3+
//
4+
// Distributed under the Boost Software License, Version 1.0. (See accompanying
5+
// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
6+
//
7+
// Official repository: https://github.com/cppalliance/http_proto
8+
//
9+
10+
#ifndef BOOST_HTTP_PROTO_SERVER_HELMET_HPP
11+
#define BOOST_HTTP_PROTO_SERVER_HELMET_HPP
12+
13+
#include <boost/http_proto/detail/config.hpp>
14+
#include <boost/http_proto/server/route_handler.hpp>
15+
16+
namespace boost {
17+
namespace http_proto {
18+
19+
/// \brief Helmet middleware options.
20+
struct helmet_options final
21+
{
22+
using helmet_pair = std::pair<std::string, std::vector<std::string>>;
23+
using helmet_map = std::vector<helmet_pair>;
24+
25+
/// \brief {key, enabled}
26+
/// \note i.e {bad-header, false} <-- disabled
27+
helmet_map requestHeaders = {
28+
{"Content-Security-Policy", {"default-src 'self'", "base-uri 'self'", "font-src 'self' https: data:", "form-action 'self'", "frame-ancestors 'self'",
29+
"img-src 'self' data:", "object-src 'none'", "script-src 'self'", "script-src-attr 'none'", "style-src 'self' https: 'unsafe-inline'", "upgrade-insecure-requests"}},
30+
{"Cross-Origin-Embedder-Policy", {"require-corp"}},
31+
{"Cross-Origin-Opener-Policy", {"same-origin"}},
32+
{"Cross-Origin-Resource-Policy", {"same-origin"}},
33+
{"X-DNS-Prefetch-Control", {"off"}},
34+
{"Expect-CT", {"max-age=86400, enforce"}},
35+
{"X-Frame-Options", {"SAMEORIGIN"}},
36+
{"X-Powered-By", {""}}, // Remove this header
37+
{"Strict-Transport-Security", {"max-age=15552000", "includeSubDomains"}},
38+
{"X-Download-Options", {"noopen"}},
39+
{"X-Content-Type-Options", {"nosniff"}},
40+
{"Origin-Agent-Cluster", {"?1"}},
41+
{"X-Permitted-Cross-Domain-Policies", {"none"}},
42+
{"Referrer-Policy", {"no-referrer"}},
43+
{"X-XSS-Protection", {"0"}} // Disabled as modern browsers have better protections
44+
};
45+
};
46+
47+
/// \brief Middleware inspired by express.js concept of helmets.
48+
class helmet
49+
{
50+
public:
51+
BOOST_HTTP_PROTO_DECL
52+
explicit helmet(
53+
const helmet_options& options = {}) noexcept;
54+
55+
BOOST_HTTP_PROTO_DECL
56+
route_result
57+
operator()(route_params& p) const;
58+
59+
private:
60+
helmet_options options_;
61+
};
62+
}
63+
}
64+
#endif
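Review bot: The doc comment on `requestHeaders` describes a `{key, enabled}` pair, but the member holds `{header-name, value-list}` pairs that end up on the response, so both the comment and the member name mislead anyone overriding the defaults. I would document it as `/// \brief Response headers to set: {name, values}; values are joined with "; "` and consider renaming the member before the API is published. The header also uses `std::string`, `std::vector` and `std::pair` without including `<string>`, `<vector>` and `<utility>`, presumably relying on the two project includes to pull them in. Among the defaults, `Expect-CT` is deprecated and no longer enforced by current browsers, and `Cross-Origin-Embedder-Policy: require-corp` blocks cross-origin subresources that do not opt in, so the documentation should say that the defaults are strict and what they can break.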

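--- a/src/server/helmet.cpp
+++ b/src/server/helmet.cpp
@@ -0,0 +1,57 @@
+//
+// Copyright (c) 2025 Amlal El Mahrouss (amlal at nekernel dot org)
+//
+// Distributed under the Boost Software License, Version 1.0. (See accompanying
+// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
+//
+// Official repository: https://github.com/cppalliance/http_proto
+//
+
+#include <boost/http_proto/server/helmet.hpp>
+
+namespace boost {
+namespace http_proto {
+
+namespace detail {
+auto setHeaderValues(std::vector<std::string>& fields_value) -> std::string {
+if (fields_value.empty())
+detail::throw_invalid_argument();
+
+std::string res_value;
+bool first = false;
+
+for (const auto& value: fields_value)
+{
+if (first) res_value += "; ";
+res_value += value;
+first = true;
+}
+
+return res_value;
+}
+}
+
+helmet::
+helmet(
+const helmet_options& options) noexcept
+: options_(std::move(options))
+{
+
+}
+
+route_result
+helmet::
+operator()(
+route_params& p) const
+{
+for (auto hdr : options_.requestHeaders)
+{
+auto view_res = detail::setHeaderValues(hdr.second);
+p.res.set(hdr.first, view_res);
+}
+
+return route::next;
+}
+
+}
+}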
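Review bot: The constructor is declared `noexcept`, but `options_(std::move(options))` is applied to a `const&`, so it copies every header string and vector and can throw `std::bad_alloc`, which under `noexcept` terminates the process. Either drop `noexcept` from the declaration and definition, or take `helmet_options` by value and move from that. In `operator()`, `for (auto hdr : options_.requestHeaders)` copies each pair on every request only because `setHeaderValues` takes a non-const reference; changing it to `const std::vector<std::string>& fields_value` and iterating with `const auto& hdr` removes the per-request allocations. The `X-Powered-By` default marked "Remove this header" reaches `p.res.set(hdr.first, view_res)` with an empty string, which as far as this hunk shows emits the header with an empty value rather than removing it. An entry with an empty value list throws on every request instead of being rejected once at construction, so validating the options in the constructor would turn a misconfiguration into a start-up error.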

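--- a/test/unit/server/helmet.cpp
+++ b/test/unit/server/helmet.cpp
@@ -0,0 +1,26 @@
+//
+// Copyright (c) 2025 Amlal El Mahrouss (amlal at nekernel dot org)
+//
+// Distributed under the Boost Software License, Version 1.0. (See accompanying
+// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
+//
+// Official repository: https://github.com/cppalliance/http_proto
+//
+
+#include <boost/http_proto/server/helmet.hpp>
+#include "test_suite.hpp"
+
+namespace boost {
+namespace http_proto {
+
+struct helmet_test
+{
+void run() {}
+};
+
+TEST_SUITE(
+helmet_test,
+"boost.http_proto.server.helmet");
+}
+
+}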
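Review bot: `helmet_test::run()` is empty, so the suite registers but checks nothing, although the commit title announces unit tests. At minimum it should construct `helmet` with default options, invoke it on a `route_params`, and check that the expected security headers (for example `X-Content-Type-Options: nosniff`) are present on the response and that the call returns `route::next`. A second case should cover an options entry with an empty value list, which `setHeaderValues` rejects by throwing, so the misconfiguration path is pinned down as well.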
