feat(security): enable Content-Security-Plolicy for external js
This commit was merged in pull request #267.
This commit is contained in:
@@ -5,7 +5,7 @@ import "net/http"
|
|||||||
func ContentSecurityPolicy(next http.Handler) http.Handler {
|
func ContentSecurityPolicy(next http.Handler) http.Handler {
|
||||||
|
|
||||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
w.Header().Set("Content-Security-Policy", "default-src 'self'; script-src 'self' https://umami.me-fit.eu/script.js")
|
w.Header().Set("Content-Security-Policy", "default-src 'self' https://umami.me-fit.eu")
|
||||||
|
|
||||||
next.ServeHTTP(w, r)
|
next.ServeHTTP(w, r)
|
||||||
})
|
})
|
||||||
|
|||||||
Reference in New Issue
Block a user