x/web-app-template
Archived
Template
2
0
Fork 0
Code Issues 13 Pull Requests 4 Actions Packages Activity

feat(security): #314 include hsts
All checks were successful
Build Docker Image / Build-Docker-Image (push) Successful in 42s
Details
Build and Push Docker Image / Build-And-Push-Docker-Image (push) Successful in 48s
Details

Browse Source
This commit was merged in pull request #316.
This commit is contained in:
Tim Wundenberg
2024-12-12 21:50:32 +01:00
parent 1ad694ce2b
commit f0ec293be8
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
handler/middleware/security_headers.go
View File

@@ -34,6 +34,7 @@ func SecurityHeaders(serverSettings *types.Settings) func(http.Handler) http.Han
w.Header().Set("Permissions-Policy", "geolocation=(), camera=(), microphone=()") w.Header().Set("Permissions-Policy", "geolocation=(), camera=(), microphone=()")
w.Header().Set("Referrer-Policy", "strict-origin-when-cross-origin") w.Header().Set("Referrer-Policy", "strict-origin-when-cross-origin")
w.Header().Set("Permissions-Policy", "interest-cohort=()") w.Header().Set("Permissions-Policy", "interest-cohort=()")
w.Header().Set("Strict-Transport-Security", "max-age=63072000; includeSubDomains; preload")
if r.Method == "OPTIONS" { if r.Method == "OPTIONS" {
w.WriteHeader(http.StatusOK) w.WriteHeader(http.StatusOK)