From d752de0447317d8589fd79e2159e3b04007e7cc1 Mon Sep 17 00:00:00 2001
From: Tim Wundenberg <tim@wundenbergs.de>
Date: Sat, 23 Nov 2024 21:33:13 +0100
Subject: [PATCH] feat(security): #273 enable coop

---
 handler/default.go |  1 +
 middleware/coop.go | 13 +++++++++++++
 2 files changed, 14 insertions(+)
 create mode 100644 middleware/coop.go

diff --git a/handler/default.go b/handler/default.go
index 84babf6..d96d6d4 100644
--- a/handler/default.go
+++ b/handler/default.go
@@ -42,5 +42,6 @@ func GetHandler(d *sql.DB, serverSettings *types.ServerSettings) http.Handler {
 		middleware.ContentSecurityPolicy,
 		middleware.Cors(serverSettings),
 		middleware.Corp,
+		middleware.Coop,
 	)
 }
diff --git a/middleware/coop.go b/middleware/coop.go
new file mode 100644
index 0000000..483c540
--- /dev/null
+++ b/middleware/coop.go
@@ -0,0 +1,13 @@
+package middleware
+
+import (
+	"net/http"
+)
+
+func Coop(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Cross-Origin-Opener-Policy", "same-origin")
+
+		next.ServeHTTP(w, r)
+	})
+}