feat(security): #273 filter sec-fetch #275

Merged
tim merged 1 commits from 273-sec-fetch into prod 2024-11-23 20:31:23 +00:00
2 changed files with 30 additions and 0 deletions


@@ -38,6 +38,7 @@ func GetHandler(d *sql.DB, serverSettings *types.ServerSettings) http.Handler {
return middleware.Wrapper(
router,
middleware.Log,
middleware.SecFetchFilter,
middleware.ContentSecurityPolicy,
middleware.Cors(serverSettings),
middleware.Corp,
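Review bot: SecFetchFilter is registered ahead of middleware.Cors(serverSettings), so once the filter rejects cross-site requests, any origin that the CORS configuration was meant to admit is refused before the CORS layer ever evaluates it (and a cross-site preflight gets the filter's 403 rather than a CORS answer); this only matters if Cors is intended to allow some external callers, which cannot be seen from this hunk. If that is the case, either place SecFetchFilter after Cors or have it consult the same allow-list, and otherwise a one-line comment such as `// SecFetchFilter runs before Cors: cross-site requests are rejected regardless of CORS settings.` would record the decision. GetHandler starts outside the hunk.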


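--- /dev/null
+++ b/<path-not-on-page>
@@ -0,0 +1,29 @@
+package middleware
+import "net/http"
+func SecFetchFilter(next http.Handler) http.Handler {
+// A map is slower than a slice, but it's easier to check if a value exists
+allowedSites := map[string]interface{}{
+"same-origin": nil,
+"none": nil,
+}
+return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+secFetchSite := r.Header.Get("Sec-Fetch-Site")
+if secFetchSite == "" {
+next.ServeHTTP(w, r)
+return
+}
+_, exists := allowedSites[r.Header.Get("Sec-Fetch-Site")]
+if !exists {
+next.ServeHTTP(w, r)
+return
+}
+w.WriteHeader(http.StatusForbidden)
+})
+}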
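Review bot: The allow-list branch `if !exists` is inverted: when Sec-Fetch-Site is `same-origin` or `none` — exactly the values in allowedSites — the lookup succeeds, `!exists` is false, and the request falls through to the 403, while any other value such as `cross-site` is handed to next, so the filter blocks the traffic it should admit and admits the traffic it should block. Continue only on an allowed value, e.g. replace the lookup and branch with `if _, allowed := allowedSites[secFetchSite]; allowed { next.ServeHTTP(w, r); return }`, which also reuses the secFetchSite already read on the previous line instead of calling r.Header.Get a second time. A handler test sending `Sec-Fetch-Site: cross-site` and expecting 403, plus `same-origin` expecting pass-through, would have caught this and guards the fix. `map[string]struct{}` expresses the set more directly than `map[string]interface{}` with nil values. A doc comment on SecFetchFilter noting that requests without the header (non-browser or older clients) are deliberately passed through would make that choice explicit to the next reader.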