mirror of
https://github.com/muety/wakapi.git
synced 2023-08-10 21:12:56 +03:00
33 lines
855 B
Go
33 lines
855 B
Go
|
package middlewares
|
||
|
|
||
|
import (
|
||
|
"net/http"
|
||
|
)
|
||
|
|
||
|
var securityHeaders = map[string]string{
|
||
|
"Cross-Origin-Opener-Policy": "same-origin",
|
||
|
"Content-Security-Policy": "default-src 'self' 'unsafe-inline'; img-src 'self' https: data:; form-action 'self'; block-all-mixed-content;",
|
||
|
"X-Frame-Options": "DENY",
|
||
|
"X-Content-Type-Options": "nosniff",
|
||
|
}
|
||
|
|
||
|
// SecurityMiddleware is a handler to add some basic security headers to responses
|
||
|
type SecurityMiddleware struct {
|
||
|
handler http.Handler
|
||
|
}
|
||
|
|
||
|
func NewSecurityMiddleware() func(http.Handler) http.Handler {
|
||
|
return func(h http.Handler) http.Handler {
|
||
|
return &SecurityMiddleware{h}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
func (f *SecurityMiddleware) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||
|
for k, v := range securityHeaders {
|
||
|
if w.Header().Get(k) == "" {
|
||
|
w.Header().Set(k, v)
|
||
|
}
|
||
|
}
|
||
|
f.handler.ServeHTTP(w, r)
|
||
|
}
|