1
0
mirror of https://github.com/muety/wakapi.git synced 2023-08-10 21:12:56 +03:00

chore: set basic security headers (resolve #174)

This commit is contained in:
Ferdinand Mütsch 2021-04-16 12:35:49 +02:00
parent b9ea6530f9
commit 337b39481b
2 changed files with 33 additions and 0 deletions

View File

@ -185,6 +185,7 @@ func main() {
if config.Sentry.Dsn != "" { if config.Sentry.Dsn != "" {
router.Use(middlewares.NewSentryMiddleware()) router.Use(middlewares.NewSentryMiddleware())
} }
rootRouter.Use(middlewares.NewSecurityMiddleware())
// Route registrations // Route registrations
homeHandler.RegisterRoutes(rootRouter) homeHandler.RegisterRoutes(rootRouter)

32
middlewares/security.go Normal file
View File

@ -0,0 +1,32 @@
package middlewares
import (
"net/http"
)
var securityHeaders = map[string]string{
"Cross-Origin-Opener-Policy": "same-origin",
"Content-Security-Policy": "default-src 'self' 'unsafe-inline'; img-src 'self' https: data:; form-action 'self'; block-all-mixed-content;",
"X-Frame-Options": "DENY",
"X-Content-Type-Options": "nosniff",
}
// SecurityMiddleware is a handler to add some basic security headers to responses
type SecurityMiddleware struct {
handler http.Handler
}
func NewSecurityMiddleware() func(http.Handler) http.Handler {
return func(h http.Handler) http.Handler {
return &SecurityMiddleware{h}
}
}
func (f *SecurityMiddleware) ServeHTTP(w http.ResponseWriter, r *http.Request) {
for k, v := range securityHeaders {
if w.Header().Get(k) == "" {
w.Header().Set(k, v)
}
}
f.handler.ServeHTTP(w, r)
}