我想将Strict Transport Security标头添加到web应用程序中。
这是的设置
Dispatch = cowboy_router:compile([
{'_', [
{"/", cowboy_static, {file, env_file:filepath({data, "assets/index.html"})}}
]}
]),
{ok, _} = cowboy:start_tls(product_https,
[
{port, 8443},
{certfile, env_file:filepath({etc, "ssl/cert.crt"})},
{keyfile, env_file:filepath({etc, "ssl/key.key"})}
],
#{env => #{dispatch => Dispatch}}
)
在提供静态文件时,我在哪里添加HSTS或其他自定义标头?
使用中间件就是解决方案。
设置为:
Dispatch = cowboy_router:compile([
{'_', [
{"/", cowboy_static, {file, env_file:filepath({data, "assets/index.html"})}}
]}
]),
{ok, _} = cowboy:start_tls(product_https,
[
{port, 8443},
{certfile, env_file:filepath({etc, "ssl/cert.crt"})},
{keyfile, env_file:filepath({etc, "ssl/key.key"})}
],
#{
env => #{dispatch => Dispatch},
middlewares => [cowboy_router, my_security_middleware, cowboy_handler]}
}
)
这里是中间件实现
-module(my_security_middleware).
-behaviour(cowboy_middleware).
-export([execute/2]).
execute(Req, Env) ->
Req2 = cowboy_req:set_resp_header(<<"aaaaa">>, <<"bbbbb">>, Req),
{ok, Req2, Env}.
这将在所有请求响应中添加头aaaa:bbbb。