x/web-app-template
Archived
Template
2
0
Fork 0
Code Issues 13 Pull Requests 4 Actions Packages Activity

feat(security): enable Content-Security-Plolicy #263
All checks were successful
Build Docker Image / Build-Docker-Image (push) Successful in 47s
Details
Build and Push Docker Image / Build-And-Push-Docker-Image (push) Successful in 52s
Details

Browse Source
This commit was merged in pull request #265.
This commit is contained in:
Tim Wundenberg
2024-11-19 21:47:53 +01:00
parent 490d858508
commit 45a1cbdfd4
2 changed files with 12 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
handler/default.go
View File

@@ -35,5 +35,5 @@ func GetHandler(d *sql.DB, serverSettings *types.ServerSettings) http.Handler {
authHandler.handle(router) authHandler.handle(router)
return middleware.Logging(middleware.EnableCors(serverSettings, router)) return middleware.Logging(middleware.ContentSecurityPolicy(middleware.EnableCors(serverSettings, router)))
} }

11
middleware/content_security_policiy.go Normal file
View File

@@ -0,0 +1,11 @@
package middleware
import "net/http"
func ContentSecurityPolicy(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Security-Policy", "default-src 'self'")
next.ServeHTTP(w, r)
})
}