x/web-app-template
Archived
Template
2
0
Fork 0
Code Issues 13 Pull Requests 4 Actions Packages Activity

feat(security): #328 delete old sessions [tbs]
Some checks failed
Build Docker Image / Build-Docker-Image (push) Failing after 42s
Details

Browse Source
This commit is contained in:
Tim Wundenberg
2024-12-17 22:21:46 +01:00
parent 086d373442
commit 3003e4f1bf
4 changed files with 87 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
handler/middleware/security_headers.go
View File

@@ -14,13 +14,13 @@ func SecurityHeaders(serverSettings *types.Settings) func(http.Handler) http.Han
w.Header().Set("Access-Control-Allow-Origin", serverSettings.BaseUrl)
w.Header().Set("Access-Control-Allow-Methods", "GET, POST, DELETE")
w.Header().Set("Content-Security-Policy",
"default-src 'none';"+
"script-src 'self' https://umami.me-fit.eu"+
"connect-src 'self' https://umami.me-fit.eu"+
"img-src 'self'"+
"style-src 'self'"+
"form-action 'self'"+
"frame-ancestors 'none'",
"default-src 'none'; "+
"script-src 'self' https://umami.me-fit.eu; "+
"connect-src 'self' https://umami.me-fit.eu; "+
"img-src 'self'; "+
"style-src 'self'; "+
"form-action 'self'; "+
"frame-ancestors 'none'; ",
)
w.Header().Set("Cross-Origin-Resource-Policy", "same-origin")
w.Header().Set("Cross-Origin-Opener-Policy", "same-origin")