fix(security): remove sec-fetch filter because it prohibited page reloads

2024-11-24 21:52:34 +01:00
parent 8ee4c1ede4
commit a62f0fb037
2 changed files with 0 additions and 30 deletions
--- a/handler/default.go
+++ b/handler/default.go
@@ -38,7 +38,6 @@ func GetHandler(d *sql.DB, serverSettings *types.ServerSettings) http.Handler {
 	return middleware.Wrapper(
 		router,
 		middleware.Log,
-		middleware.SecFetchFilter,
 		middleware.ContentSecurityPolicy,
 		middleware.Cors(serverSettings),
 		middleware.Corp,
--- a/middleware/sec_fetch_filter.go
+++ b/middleware/sec_fetch_filter.go
@@ -1,29 +0,0 @@
-package middleware
-
-import "net/http"
-
-func SecFetchFilter(next http.Handler) http.Handler {
-
-	// A map is slower than a slice, but it's easier to check if a value exists
-	allowedSites := map[string]interface{}{
-		"same-origin": nil,
-		"none":        nil,
-	}
-
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		secFetchSite := r.Header.Get("Sec-Fetch-Site")
-
-		if secFetchSite == "" {
-			next.ServeHTTP(w, r)
-			return
-		}
-
-		_, exists := allowedSites[r.Header.Get("Sec-Fetch-Site")]
-		if exists {
-			next.ServeHTTP(w, r)
-			return
-		}
-
-		w.WriteHeader(http.StatusForbidden)
-	})
-}