30 lines
839 B
Go
30 lines
839 B
Go
package middleware
|
|
|
|
import "net/http"
|
|
|
|
func ContentSecurityPolicy(next http.Handler) http.Handler {
|
|
|
|
values := map[string]string{
|
|
"default-src": "'none'",
|
|
"script-src": "'self' https://umami.me-fit.eu",
|
|
"connect-src": "'self' https://umami.me-fit.eu",
|
|
"img-src": "'self'",
|
|
"style-src": "'self'",
|
|
"form-action": "'self'",
|
|
"frame-ancestors": "'none'",
|
|
}
|
|
|
|
var headerValue string
|
|
for key, value := range values {
|
|
headerValue += key + " " + value + "; "
|
|
}
|
|
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
// While this value can be overridden, it can't be moved to after the next.ServeHTTP call,
|
|
// because if the response writer get's closed, the headers can't be set anymore
|
|
w.Header().Set("Content-Security-Policy", headerValue)
|
|
|
|
next.ServeHTTP(w, r)
|
|
})
|
|
}
|