x/web-app-template
Archived
Template
2
0
Fork 0
Code Issues 13 Pull Requests 4 Actions Packages Activity

feat(security): #328 delete old sessions for change and forgot password
All checks were successful
Build Docker Image / Build-Docker-Image (push) Successful in 43s
Details
Build and Push Docker Image / Build-And-Push-Docker-Image (push) Successful in 50s
Details

Browse Source
This commit was merged in pull request #335.
This commit is contained in:
Tim Wundenberg
2024-12-17 22:21:46 +01:00
parent 43d0a3d022
commit dcc5207272
13 changed files with 292 additions and 120 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
handler/middleware/security_headers.go
View File

@@ -14,13 +14,13 @@ func SecurityHeaders(serverSettings *types.Settings) func(http.Handler) http.Han
w.Header().Set("Access-Control-Allow-Origin", serverSettings.BaseUrl)
w.Header().Set("Access-Control-Allow-Methods", "GET, POST, DELETE")
w.Header().Set("Content-Security-Policy",
"default-src 'none';"+
"script-src 'self' https://umami.me-fit.eu"+
"connect-src 'self' https://umami.me-fit.eu"+
"img-src 'self'"+
"style-src 'self'"+
"form-action 'self'"+
"frame-ancestors 'none'",
"default-src 'none'; "+
"script-src 'self' https://umami.me-fit.eu; "+
"connect-src 'self' https://umami.me-fit.eu; "+
"img-src 'self'; "+
"style-src 'self'; "+
"form-action 'self'; "+
"frame-ancestors 'none'; ",
)
w.Header().Set("Cross-Origin-Resource-Policy", "same-origin")
w.Header().Set("Cross-Origin-Opener-Policy", "same-origin")