x/spend-sparrow
2
0
Fork 0
Code Issues 7 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

feat(security): #273 disable frame-ancestors

Browse Source
This commit is contained in:
Tim Wundenberg
2024-11-23 12:52:52 +01:00
parent 9ab78b6cc8
commit ae32bf7232
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
middleware/content_security_policiy.go
View File

@@ -7,7 +7,7 @@ func ContentSecurityPolicy(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// While this value can be overridden, it can't be moved to after the next.ServeHTTP call, // While this value can be overridden, it can't be moved to after the next.ServeHTTP call,
// because if the response writer get's closed, the headers can't be set anymore // because if the response writer get's closed, the headers can't be set anymore
w.Header().Set("Content-Security-Policy", "default-src 'self' https://umami.me-fit.eu") w.Header().Set("Content-Security-Policy", "default-src 'self' https://umami.me-fit.eu; frame-ancestors 'none'")
next.ServeHTTP(w, r) next.ServeHTTP(w, r)
}) })