From c4bc01766d2723a641f0bc9bd81815b6da472407 Mon Sep 17 00:00:00 2001 From: Russ Young Date: Wed, 12 May 2021 11:56:09 -0600 Subject: [PATCH] Removed conditional code for OWASP headers --- configure.ac | 12 ------------ src/worker-auth.c | 4 ---- src/worker-http-handlers.c | 2 -- src/worker-http.c | 4 +--- src/worker-kkdcp.c | 3 --- src/worker-vpn.c | 2 -- src/worker.h | 2 -- tests/Makefile.am | 2 -- 8 files changed, 1 insertion(+), 30 deletions(-) diff --git a/configure.ac b/configure.ac index a80ad471..f483b751 100644 --- a/configure.ac +++ b/configure.ac @@ -669,18 +669,6 @@ fi AM_CONDITIONAL(ENABLE_OIDC_AUTH, test "x$enable_oidc_auth" = xyes) AM_CONDITIONAL(ENABLE_OIDC_AUTH_TESTS, test "x$enable_oidc_auth" = xyes) -AC_ARG_ENABLE([owasp-headers], - [AS_HELP_STRING([--enable-owasp-headers], - [whether to add owasp.org http security headers (default is no)])], - [enable_owasp_headers=$enableval], - [enable_owasp_headers=no] -) - -if test "x$enable_owasp_headers" = xyes; then - AC_DEFINE([ENABLE_OWASP_HEADERS], 1, [Add OWASP default http headers to responses]) -fi -AM_CONDITIONAL(ENABLE_OWASP_HEADERS_TESTS, test "x$enable_owasp_headers" = xyes) - AC_CHECK_FILE(/proc/self/exe, AC_DEFINE([PROC_FS_SUPPORTED],[1], [procfs supported]), []) uid=$(id -u) diff --git a/src/worker-auth.c b/src/worker-auth.c index 2fbc4d5b..761c8813 100644 --- a/src/worker-auth.c +++ b/src/worker-auth.c @@ -438,13 +438,11 @@ int get_auth_handler2(worker_st * ws, unsigned http_ver, const char *pmsg, unsig goto cleanup; } -#ifdef ENABLE_OWASP_HEADERS ret = add_owasp_headers(ws); if (ret < 0) { ret = -1; goto cleanup; } -#endif ret = cstp_puts(ws, "\r\n"); if (ret < 0) { @@ -1097,12 +1095,10 @@ int post_common_handler(worker_st * ws, unsigned http_ver, const char *imsg) if (ret < 0) goto fail; -#ifdef ENABLE_OWASP_HEADERS ret = add_owasp_headers(ws); if (ret < 0) goto fail; -#endif #ifdef ANYCONNECT_CLIENT_COMPAT 
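Review bot: Each response path still hand-places `add_owasp_headers(ws)` just before the terminating `cstp_puts(ws, "\r\n")`, here in get_auth_handler2 and again in post_common_handler, send_headers, post_kkdcp_handler and connect_handler. With the build switch gone the headers are meant to be on every reply, but nothing enforces that, so a response path that writes its own header block without this call would silently lack them. Whether such paths exist cannot be told from these hunks. A comment at the definition such as `/* must be called by every response path before the terminating CRLF */` would record the rule, or the call and the final CRLF could later move into one shared helper. Both worker-auth.c functions extend beyond their hunks.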
diff --git a/src/worker-http-handlers.c b/src/worker-http-handlers.c index bf72d8fd..4df5c2cd 100644 --- a/src/worker-http-handlers.c +++ b/src/worker-http-handlers.c @@ -58,9 +58,7 @@ static int send_headers(worker_st *ws, unsigned http_ver, const char *content_ty cstp_printf(ws, "Content-Type: %s\r\n", content_type) < 0 || cstp_puts (ws, "X-Transcend-Version: 1\r\n") < 0 || cstp_printf(ws, "Content-Length: %u\r\n", content_length) < 0 || -#ifdef ENABLE_OWASP_HEADERS add_owasp_headers(ws) < 0 || -#endif cstp_puts (ws, "\r\n") < 0) return -1; return 0; diff --git a/src/worker-http.c b/src/worker-http.c index 39d1bebf..adf00d5b 100644 --- a/src/worker-http.c +++ b/src/worker-http.c @@ -863,7 +863,6 @@ void http_req_deinit(worker_st * ws) ws->req.body = NULL; } -#ifdef ENABLE_OWASP_HEADERS /* add_owasp_headers: * @ws: an initialized worker structure * @@ -888,5 +887,4 @@ int add_owasp_headers(worker_st * ws) return -1; } return 0; -} -#endif +} \ No newline at end of file diff --git a/src/worker-kkdcp.c b/src/worker-kkdcp.c index ec50b429..2e126536 100644 --- a/src/worker-kkdcp.c +++ b/src/worker-kkdcp.c @@ -273,13 +273,10 @@ int post_kkdcp_handler(worker_st *ws, unsigned http_ver) goto fail; } -#ifdef ENABLE_OWASP_HEADERS ret = add_owasp_headers(ws); if (ret < 0) { goto fail; } -#endif - ret = cstp_puts(ws, "\r\n"); if (ret < 0) { diff --git a/src/worker-vpn.c b/src/worker-vpn.c index 3574c5f3..228174a5 100644 --- a/src/worker-vpn.c +++ b/src/worker-vpn.c @@ -1931,10 +1931,8 @@ static int connect_handler(worker_st * ws) ret = cstp_puts(ws, "HTTP/1.1 200 CONNECTED\r\n"); SEND_ERR(ret); -#ifdef ENABLE_OWASP_HEADERS ret = add_owasp_headers(ws); SEND_ERR(ret); -#endif ret = cstp_puts(ws, "X-CSTP-Version: 1\r\n"); SEND_ERR(ret); diff --git a/src/worker.h b/src/worker.h index e3660e6f..be94e415 100644 --- a/src/worker.h +++ b/src/worker.h 
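Review bot: The last line of src/worker-http.c is rewritten so that the file no longer ends in a newline (the hunk closes with `\ No newline at end of file`), which is unrelated to dropping the `#ifdef`. The C standard expects a non-empty source file to end in a new-line character, and the missing one will show up as noise in the next diff that touches add_owasp_headers. The closing `}` should stay on a newline-terminated line, so that the only change at the end of the file is removing `#endif`. Most of the add_owasp_headers body lies outside the hunk.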
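Review bot: In connect_handler the header block now goes into every `HTTP/1.1 200 CONNECTED` reply, between the status line and `X-CSTP-Version`, whereas the removed configure help text says the option's default was no. This is therefore a default-behaviour change for every connecting VPN client rather than a pure cleanup, and the hunk has no comment saying why these (presumably browser-oriented) headers belong on the tunnel-setup reply. I would add `/* security headers are sent on every HTTP reply, including the CONNECT response */` above the call. It is also worth confirming that test-owasp-headers, which tests/Makefile.am now runs unconditionally, exercises this path; the script is not visible here. connect_handler's body extends beyond the hunk.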
@@ -422,9 +422,7 @@ int parse_proxy_proto_header(struct worker_st *ws, int fd); void cookie_authenticate_or_exit(worker_st *ws); -#ifdef ENABLE_OWASP_HEADERS int add_owasp_headers(worker_st * ws); -#endif /* after that time (secs) of inactivity in the UDP part, connection switches to * TCP (if activity occurs there). diff --git a/tests/Makefile.am b/tests/Makefile.am index e0c75329..8e86d6f1 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -180,9 +180,7 @@ check_PROGRAMS += gen_oidc_test_data dist_check_SCRIPTS += test-oidc endif -if ENABLE_OWASP_HEADERS_TESTS dist_check_SCRIPTS += test-owasp-headers -endif dist_check_SCRIPTS += test-replay