
Commit 5416e00

committed
replace if by switch & check for uncorrect enum
1 parent a75a99a commit 5416e00


1 file changed

+67
-32
lines changed


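--- a/src/ngx_http_security_headers_module.c
+++ b/src/ngx_http_security_headers_module.c
@@ -272,15 +272,26 @@ ngx_http_security_headers_filter(ngx_http_request_t *r)
 && NGX_HTTP_SECURITY_HEADER_OMIT != slcf->xss
 && ngx_http_test_content_type(r, &slcf->text_types) != NULL)
 {
-ngx_str_set(&key, "X-XSS-Protection");
-if (NGX_HTTP_XSS_HEADER_ON == slcf->xss) {
-ngx_str_set(&val, "1");
-} else if (NGX_HTTP_XSS_HEADER_BLOCK == slcf->xss) {
-ngx_str_set(&val, "1; mode=block");
-} else if (NGX_HTTP_XSS_HEADER_OFF == slcf->xss) {
-ngx_str_set(&val, "0");
+
+switch (slcf->xss) {
+case NGX_HTTP_XSS_HEADER_ON:
+ngx_str_set(&val, "1");
+break;
+case NGX_HTTP_XSS_HEADER_BLOCK:
+ngx_str_set(&val, "1; mode=block");
+break;
+case NGX_HTTP_XSS_HEADER_OFF:
+ngx_str_set(&val, "0");
+break;
+default:
+val.len = 0;
+val.data = NULL;
+}
+
+if (val.data) {
+ngx_str_set(&key, "X-XSS-Protection");
+ngx_set_headers_out_by_search(r, &key, &val);
 }
-ngx_set_headers_out_by_search(r, &key, &val);
 }
 
 scheme_value = ngx_http_get_variable(r, &scheme, scheme_hash_key);
@@ -300,38 +311,62 @@ ngx_http_security_headers_filter(ngx_http_request_t *r)
 && NGX_HTTP_SECURITY_HEADER_OMIT != slcf->fo
 && ngx_http_test_content_type(r, &slcf->text_types) != NULL)
 {
-ngx_str_set(&key, "X-Frame-Options");
-if (NGX_HTTP_FO_HEADER_SAME == slcf->fo) {
-ngx_str_set(&val, "SAMEORIGIN");
-} else if (NGX_HTTP_FO_HEADER_DENY == slcf->fo) {
-ngx_str_set(&val, "DENY");
+
+switch (slcf->fo) {
+case NGX_HTTP_FO_HEADER_SAME:
+ngx_str_set(&val, "SAMEORIGIN");
+break;
+case NGX_HTTP_FO_HEADER_DENY:
+ngx_str_set(&val, "DENY");
+break;
+default:
+val.len = 0;
+val.data = NULL;
+}
+
+if (val.data) {
+ngx_str_set(&key, "X-Frame-Options");
+ngx_set_headers_out_by_search(r, &key, &val);
 }
-ngx_set_headers_out_by_search(r, &key, &val);
 }
 
 /* Referrer-Policy: no-referrer-when-downgrade */
 if (r->headers_out.status != NGX_HTTP_NOT_MODIFIED
 && NGX_HTTP_SECURITY_HEADER_OMIT != slcf->rp) {
-ngx_str_set(&key, "Referrer-Policy");
 
-if (NGX_HTTP_RP_HEADER_NO == slcf->rp) {
-ngx_str_set(&val, "no-referrer");
-} else if (NGX_HTTP_RP_HEADER_DOWNGRADE == slcf->rp) {
-ngx_str_set(&val, "no-referrer-when-downgrade");
-} else if (NGX_HTTP_RP_HEADER_SAME_ORIGIN == slcf->rp) {
-ngx_str_set(&val, "same-origin");
-} else if (NGX_HTTP_RP_HEADER_ORIGIN == slcf->rp) {
-ngx_str_set(&val, "origin");
-} else if (NGX_HTTP_RP_HEADER_STRICT_ORIGIN == slcf->rp) {
-ngx_str_set(&val, "strict-origin");
-} else if (NGX_HTTP_RP_HEADER_ORIGIN_WHEN_CROSS == slcf->rp) {
-ngx_str_set(&val, "origin-when-cross-origin");
-} else if (NGX_HTTP_RP_HEADER_STRICT_ORIG_WHEN_CROSS == slcf->rp) {
-ngx_str_set(&val, "strict-origin-when-cross-origin");
-} else if (NGX_HTTP_RP_HEADER_UNSAFE_URL == slcf->rp) {
-ngx_str_set(&val, "unsafe-url");
+switch (slcf->rp) {
+case NGX_HTTP_RP_HEADER_NO:
+ngx_str_set(&val, "no-referrer");
+break;
+case NGX_HTTP_RP_HEADER_DOWNGRADE:
+ngx_str_set(&val, "no-referrer-when-downgrade");
+break;
+case NGX_HTTP_RP_HEADER_SAME_ORIGIN:
+ngx_str_set(&val, "same-origin");
+break;
+case NGX_HTTP_RP_HEADER_ORIGIN:
+ngx_str_set(&val, "origin");
+break;
+case NGX_HTTP_RP_HEADER_STRICT_ORIGIN:
+ngx_str_set(&val, "strict-origin");
+break;
+case NGX_HTTP_RP_HEADER_ORIGIN_WHEN_CROSS:
+ngx_str_set(&val, "origin-when-cross-origin");
+break;
+case NGX_HTTP_RP_HEADER_STRICT_ORIG_WHEN_CROSS:
+ngx_str_set(&val, "strict-origin-when-cross-origin");
+break;
+case NGX_HTTP_RP_HEADER_UNSAFE_URL:
+ngx_str_set(&val, "unsafe-url");
+break;
+default:
+val.len = 0;
+val.data = NULL;
 }
-ngx_set_headers_out_by_search(r, &key, &val);
+if (val.data) {
+ngx_str_set(&key, "Referrer-Policy");
+ngx_set_headers_out_by_search(r, &key, &val);
+}
 }
 
 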
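Review bot: The three new `default:` branches (new lines 286, 322 and 363) drop X-XSS-Protection, X-Frame-Options or Referrer-Policy without leaving any trace, so a value of `slcf->xss`, `slcf->fo` or `slcf->rp` outside the handled constants produces responses that lack the header and nothing tells the operator. Skipping the header is better than the old code, which called `ngx_set_headers_out_by_search` with whatever `val` held from before, but for X-Frame-Options in particular a silent omission removes the framing restriction that was configured. I would log in each default branch, for example `ngx_log_error(NGX_LOG_WARN, r->connection->log, 0, "security_headers: unexpected X-Frame-Options setting, header not sent");`, and have the directive parser reject unknown values at configuration time if it does not already. `ngx_http_security_headers_filter` begins and ends outside these hunks, so how `val` is initialised on entry is not visible here.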
