/
security.go
28 lines (23 loc) Β· 904 Bytes
/
security.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
package server
import (
"github.com/gin-gonic/gin"
"github.com/photoprism/photoprism/internal/api"
"github.com/photoprism/photoprism/internal/config"
"github.com/photoprism/photoprism/pkg/header"
)
// Security is a middleware that adds security-related headers to the server's response.
var Security = func(conf *config.Config) gin.HandlerFunc {
return func(c *gin.Context) {
// Abort if the request should not be served through a CDN.
if header.AbortCdnRequest(c.Request) {
api.AbortNotFound(c)
return
}
// Set Content Security Policy.
// See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
c.Header(header.ContentSecurityPolicy, header.DefaultContentSecurityPolicy)
// Set Frame Options.
// See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
c.Header(header.FrameOptions, header.DefaultFrameOptions)
}
}