x/web-app-template
Archived
Template
2
0
Fork 0
Code Issues 13 Pull Requests 4 Actions Packages Activity
This repository has been archived on 2025-08-09. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
3c1b346c95108a1148abb2f0596cff4cac5b1003
web-app-template/handler/middleware/content_security_policiy.go
Tim Wundenberg 2d5f42bb28
All checks were successful
Build Docker Image / Build-Docker-Image (push) Successful in 42s
Details
Build and Push Docker Image / Build-And-Push-Docker-Image (push) Successful in 48s
Details
fix: move middleware to handlers, as it belongs there
2024-12-04 23:12:39 +01:00

30 lines
839 B
Go
Raw Blame History

package middleware
import "net/http"
func ContentSecurityPolicy(next http.Handler) http.Handler {
values := map[string]string{
"default-src": "'none'",
"script-src": "'self' https://umami.me-fit.eu",
"connect-src": "'self' https://umami.me-fit.eu",
"img-src": "'self'",
"style-src": "'self'",
"form-action": "'self'",
"frame-ancestors": "'none'",
}
var headerValue string
for key, value := range values {
headerValue += key + " " + value + "; "
}
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// While this value can be overridden, it can't be moved to after the next.ServeHTTP call,
// because if the response writer get's closed, the headers can't be set anymore
w.Header().Set("Content-Security-Policy", headerValue)
next.ServeHTTP(w, r)
})
}
Reference in New Issue View Git Blame Copy Permalink