19 lines
822 B
Lua
19 lines
822 B
Lua
function outputHeader(request, response)
|
|
trace = request:getTracer()
|
|
|
|
cspHeader = response:getHeader("content-security-policy")
|
|
if (cspHeader ~= nil) then
|
|
trace:debug("AGOV CSP: Header set by backend, keep it as is (" .. cspHeader .. ").")
|
|
else
|
|
trace:debug("AGOV CSP: Header not set by backend, default AGOV csp set (" .. param_csp .. ").")
|
|
response:setHeader("content-security-policy", param_csp)
|
|
end
|
|
|
|
if (param_report_only_csp ~= nil and param_report_only_csp ~= "none") then
|
|
trace:debug("AGOV CSP: Additionl report only CSP-header set (" .. param_report_only_csp .. ")")
|
|
response:setHeader("content-security-policy-report-only", param_report_only_csp)
|
|
else
|
|
trace:debug("AGOV CSP: No report only CSP-header set")
|
|
end
|
|
end
|