Add HTTPSecurityHeaders.CustomFrameOptionsValue option.

Requested in https://github.com/navidrome/navidrome/issues/248#issuecomment-1783768985
2024-05-02 12:12:19 -04:00
parent 7c5eec715d
commit aef49cb8d6
2 changed files with 12 additions and 4 deletions
@@ -80,6 +80,7 @@ type configOptions struct {
 	PasswordEncryptionKey        string
 	ReverseProxyUserHeader       string
 	ReverseProxyWhitelist        string
+	HTTPSecurityHeaders          secureOptions
 	Prometheus                   prometheusOptions
 	Scanner                      scannerOptions
 	Jukebox                      jukeboxOptions
@@ -130,6 +131,10 @@ type listenBrainzOptions struct {
 	BaseURL string
 }

+type secureOptions struct {
+	CustomFrameOptionsValue string
+}
+
 type prometheusOptions struct {
 	Enabled     bool
 	MetricsPath string
@@ -350,6 +355,8 @@ func init() {
 	viper.SetDefault("listenbrainz.enabled", true)
 	viper.SetDefault("listenbrainz.baseurl", "https://api.listenbrainz.org/1/")

+	viper.SetDefault("httpsecurityheaders.customframeoptionsvalue", "DENY")
+
 	// DevFlags. These are used to enable/disable debugging and incomplete features
 	viper.SetDefault("devlogsourceline", false)
 	viper.SetDefault("devenableprofiler", false)