Amon2-Plugin-Web-CpanelJSON
- secure\_headers
Parameters of [HTTP::SecureHeaders](https://metacpan.org/pod/HTTP%3A%3ASecureHeaders). Default is as follows:
```perl
content_security_policy => "default-src 'none'",
strict_transport_security => 'max-age=631138519',
x_content_type_options => 'nosniff',
x_download_options => undef,
x_frame_options => 'DENY',
x_permitted_cross_domain_policies => 'none',
x_xss_protection => '1; mode=block',
referrer_policy => 'no-referrer',
```
- json\_escape\_filter
Escapes JSON to prevent XSS. Default is as follows:
lib/Amon2/Plugin/Web/CpanelJSON.pm
```perl
my %DEFAULT_CONFIG = (
    name => 'render_json',

    # for security
    # refs https://cheatsheetseries.owasp.org/cheatsheets/REST_Security_Cheat_Sheet.html#security-headers
    secure_headers => {
        content_security_policy           => "default-src 'none'",
        strict_transport_security         => 'max-age=631138519',
        x_content_type_options            => 'nosniff',
        x_download_options                => undef,
        x_frame_options                   => 'DENY',
        x_permitted_cross_domain_policies => 'none',
        x_xss_protection                  => '1; mode=block',
        referrer_policy                   => 'no-referrer',
    },

    json_escape_filter => {
        # Ref: https://cheatsheetseries.owasp.org/cheatsheets/XSS_Filter_Evasion_Cheat_Sheet.html
        # Ref: (Japanese) http://www.atmarkit.co.jp/fcoding/articles/webapp/05/webapp05a.html
        '+' => '\\u002b', # do not eval as UTF-7
        '<' => '\\u003c', # do not eval as HTML
```
lib/Amon2/Plugin/Web/CpanelJSON.pm
```perl
);

=item secure_headers

Parameters of L<HTTP::SecureHeaders>. Default is as follows:

    content_security_policy => "default-src 'none'",
    strict_transport_security => 'max-age=631138519',
    x_content_type_options => 'nosniff',
    x_download_options => undef,
    x_frame_options => 'DENY',
    x_permitted_cross_domain_policies => 'none',
    x_xss_protection => '1; mode=block',
    referrer_policy => 'no-referrer',

=item json_escape_filter

Escapes JSON to prevent XSS. Default is as follows:

    '+' => '\\u002b',
```
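What the `json_escape_filter` mapping does to a response body, as an added example that is not code from the module. It assumes the filter is applied as a character substitution over the already-encoded JSON text, uses the core JSON::PP in place of Cpanel::JSON::XS, and includes only the two entries shown on this page; `render_json_safely` and the sample data are hypothetical.

```perl
use strict;
use warnings;
use JSON::PP ();

# Only the two filter entries visible on this page; the module's full
# table is not reproduced here.
my %json_escape_filter = (
    '+' => '\\u002b',    # do not eval as UTF-7
    '<' => '\\u003c',    # do not eval as HTML
);

# Build a single character class from the filter keys.
my $chars     = join '', map { quotemeta } sort keys %json_escape_filter;
my $escape_re = qr/([$chars])/;

# Hypothetical helper: serialize first, then escape the encoded JSON text.
# (Assumption: substitution happens after encoding, on the output string.)
sub render_json_safely {
    my ($data) = @_;
    my $json = JSON::PP->new->canonical->encode($data);
    $json =~ s/$escape_re/$json_escape_filter{$1}/g;
    return $json;
}

# Constructed sample input: values a browser could misread if the JSON
# were sniffed as HTML or decoded as UTF-7.
my $data = {
    comment => '</script><b>hi</b>',
    utf7    => '+ADw-b+AD4-',
};

my $safe = render_json_safely($data);
print "$safe\n";

# No raw '<' or '+' is left in the body ...
die "raw '<' or '+' survived escaping" if $safe =~ /[<+]/;

# ... and a JSON parser still recovers the original values, because
# \u003c and \u002b are ordinary JSON string escapes.
my $round = JSON::PP->new->decode($safe);
die "round trip changed the data"
    unless $round->{comment} eq $data->{comment}
        && $round->{utf7} eq $data->{utf7};
print "round trip ok\n";
```

Because this sketch rewrites the encoded text as a whole, a `+` outside a string (for example in a number exponent) would be rewritten too; the sample data contains only strings.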