setSecurityHeaders method
void
setSecurityHeaders({})
Sets common security headers.
Implementation
void setSecurityHeaders({
bool enableHsts = false,
bool enableCsp = false,
bool enableXFrameOptions = true,
bool enableXContentTypeOptions = true,
String? cspPolicy,
}) {
if (enableHsts) {
setHeader(
'Strict-Transport-Security',
'max-age=31536000; includeSubDomains',
);
}
if (enableCsp && cspPolicy != null) {
setHeader('Content-Security-Policy', cspPolicy);
}
if (enableXFrameOptions) {
setHeader('X-Frame-Options', 'DENY');
}
if (enableXContentTypeOptions) {
setHeader('X-Content-Type-Options', 'nosniff');
}
}