x/spend-sparrow
2
0
Fork 0
Code Issues 7 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

feat(observability): #360 remove umami to reduce complexity

Browse Source
This commit is contained in:
Tim Wundenberg
2024-12-31 12:01:27 +01:00
parent 0b155af4c9
commit 508aa3038b
6 changed files with 12 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
handler/middleware/security_headers.go
View File

@@ -15,14 +15,14 @@ func SecurityHeaders(serverSettings *types.Settings) func(http.Handler) http.Han
w.Header().Set("Access-Control-Allow-Methods", "GET, POST, DELETE")
w.Header().Set("Content-Security-Policy",
"default-src 'none'; "+
"script-src 'self' https://umami.me-fit.eu; "+
"connect-src 'self' https://umami.me-fit.eu; "+
"script-src 'self'; "+
"connect-src 'self'; "+
"img-src 'self'; "+
"style-src 'self'; "+
"form-action 'self'; "+
"frame-ancestors 'none'; ",
)
w.Header().Set("Cross-Origin-Resource-Policy", "same-site") // same-site, as same origin prohibits umami
w.Header().Set("Cross-Origin-Resource-Policy", "same-origin")
w.Header().Set("Cross-Origin-Opener-Policy", "same-origin")
w.Header().Set("Cross-Origin-Embedder-Policy", "require-corp")
w.Header().Set("Permissions-Policy", "geolocation=(), camera=(), microphone=(), interest-cohort=()")