x/web-app-template
Archived
Template
2
0
Fork 0
Code Issues 13 Pull Requests 4 Actions Packages Activity

feat(security): #273 disable frame-ancestors
All checks were successful
Build Docker Image / Build-Docker-Image (push) Successful in 42s
Details
Build and Push Docker Image / Build-And-Push-Docker-Image (push) Successful in 45s
Details

Browse Source
This commit was merged in pull request #274.
This commit is contained in:
Tim Wundenberg
2024-11-23 12:52:52 +01:00
parent 9ab78b6cc8
commit ae32bf7232
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
middleware/content_security_policiy.go
View File

@@ -7,7 +7,7 @@ func ContentSecurityPolicy(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// While this value can be overridden, it can't be moved to after the next.ServeHTTP call, // While this value can be overridden, it can't be moved to after the next.ServeHTTP call,
// because if the response writer get's closed, the headers can't be set anymore // because if the response writer get's closed, the headers can't be set anymore
w.Header().Set("Content-Security-Policy", "default-src 'self' https://umami.me-fit.eu") w.Header().Set("Content-Security-Policy", "default-src 'self' https://umami.me-fit.eu; frame-ancestors 'none'")
next.ServeHTTP(w, r) next.ServeHTTP(w, r)
}) })