x/web-app-template
Archived
Template
2
0
Fork 0
Code Issues 13 Pull Requests 4 Actions Packages Activity

fix(security): remove sec-fetch filter because it prohibited page reloads
All checks were successful
Build Docker Image / Build-Docker-Image (push) Successful in 38s
Details
Build and Push Docker Image / Build-And-Push-Docker-Image (push) Successful in 43s
Details

Browse Source
This commit was merged in pull request #284.
This commit is contained in:
Tim Wundenberg
2024-11-24 21:52:34 +01:00
parent 8ee4c1ede4
commit a62f0fb037
2 changed files with 0 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
handler/default.go
View File

@@ -38,7 +38,6 @@ func GetHandler(d *sql.DB, serverSettings *types.ServerSettings) http.Handler {
return middleware.Wrapper( return middleware.Wrapper(
router, router,
middleware.Log, middleware.Log,
middleware.SecFetchFilter,
middleware.ContentSecurityPolicy, middleware.ContentSecurityPolicy,
middleware.Cors(serverSettings), middleware.Cors(serverSettings),
middleware.Corp, middleware.Corp,

29
middleware/sec_fetch_filter.go
View File

@@ -1,29 +0,0 @@
package middleware
import "net/http"
func SecFetchFilter(next http.Handler) http.Handler {
// A map is slower than a slice, but it's easier to check if a value exists
allowedSites := map[string]interface{}{
"same-origin": nil,
"none": nil,
}
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
secFetchSite := r.Header.Get("Sec-Fetch-Site")
if secFetchSite == "" {
next.ServeHTTP(w, r)
return
}
_, exists := allowedSites[r.Header.Get("Sec-Fetch-Site")]
if exists {
next.ServeHTTP(w, r)
return
}
w.WriteHeader(http.StatusForbidden)
})
}