15 lines
493 B
Go
15 lines
493 B
Go
package middleware
|
|
|
|
import "net/http"
|
|
|
|
func ContentSecurityPolicy(next http.Handler) http.Handler {
|
|
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
// While this value can be overridden, it can't be moved to after the next.ServeHTTP call,
|
|
// because if the response writer get's closed, the headers can't be set anymore
|
|
w.Header().Set("Content-Security-Policy", "default-src 'self' https://umami.me-fit.eu; frame-ancestors 'none'")
|
|
|
|
next.ServeHTTP(w, r)
|
|
})
|
|
}
|