feat(security): enable Content-Security-Plolicy for external js
This commit was merged in pull request #266.
This commit is contained in:
@@ -5,7 +5,8 @@ import "net/http"
|
||||
func ContentSecurityPolicy(next http.Handler) http.Handler {
|
||||
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set("Content-Security-Policy", "default-src 'self'")
|
||||
w.Header().Set("Content-Security-Policy", "default-src 'self'; script-src 'self' https://umami.me-fit.eu/script.js")
|
||||
|
||||
next.ServeHTTP(w, r)
|
||||
})
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user