package middleware

import "net/http"

func ContentSecurityPolicy(next http.Handler) http.Handler {

	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// While this value can be overridden, it can't be moved to after the next.ServeHTTP call,
		// because if the response writer get's closed, the headers can't be set anymore
		w.Header().Set("Content-Security-Policy", "default-src 'self' https://umami.me-fit.eu")

		next.ServeHTTP(w, r)
	})
}