Fix formatting of HTTP security headers

When printing out HTTP security headers, run_security_headers() uses out_row_aligned_max_width(), since some headers are very long and need to be wrapped. At the moment, however, the first line is too long. The problem is that while "$header $HEADERVALUE" is printed in the indented area, only $HEADERVALUE is passed to out_row_aligned_max_width().

This PR fixes the problem by passing "$header $HEADERVALUE" to out_row_aligned_max_width() so that the the first line is wrapped at the correct place.
This commit is contained in:
David Cooper 2019-12-03 15:38:16 -05:00 committed by GitHub
parent 9ee0feef3d
commit 725fdc11cb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -3029,7 +3029,7 @@ run_cookie_flags() { # ARG1: Path
run_security_headers() { run_security_headers() {
local good_header="X-Frame-Options X-XSS-Protection X-Content-Type-Options Content-Security-Policy X-Content-Security-Policy X-WebKit-CSP Content-Security-Policy-Report-Only Expect-CT" local good_header="X-Frame-Options X-XSS-Protection X-Content-Type-Options Content-Security-Policy X-Content-Security-Policy X-WebKit-CSP Content-Security-Policy-Report-Only Expect-CT"
local other_header="Access-Control-Allow-Origin Upgrade X-Served-By Referrer-Policy X-UA-Compatible" local other_header="Access-Control-Allow-Origin Upgrade X-Served-By Referrer-Policy X-UA-Compatible"
local header local header header_output
local first=true local first=true
local spaces=" " local spaces=" "
local have_header=false local have_header=false
@ -3047,8 +3047,11 @@ run_security_headers() {
if "$first"; then if "$first"; then
first=false first=false
fi fi
# Include $header when determining where to insert line breaks, but print $header
# separately.
pr_svrty_good "$header" pr_svrty_good "$header"
outln " $(out_row_aligned_max_width "$HEADERVALUE" "$spaces" $TERM_WIDTH)" header_output="$(out_row_aligned_max_width "$header $HEADERVALUE" "$spaces" $TERM_WIDTH)"
outln "${header_output#$header}"
fileout "$header" "OK" "$HEADERVALUE" fileout "$header" "OK" "$HEADERVALUE"
fi fi
done done