package middlewares
import (
"fmt"
"strings"
"github.com/getfider/fider/app/pkg/env"
"github.com/getfider/fider/app/pkg/web"
)
// Secure adds web security related Http Headers to response.
//
// On every request it sets Content-Security-Policy (rendered from
// web.CspPolicyTemplate with the request's context ID and the CDN host
// pattern from cspCdnHostPattern), X-XSS-Protection, X-Content-Type-Options
// and Referrer-Policy, then hands the request to the next handler.
//
// NOTE(review): "X-XSS-Protection: 1; mode=block" and
// "Referrer-Policy: no-referrer-when-downgrade" are legacy values; current
// browser guidance favours disabling the XSS auditor ("0") and a stricter
// referrer policy. Changing them is a deliberate policy decision, so the
// values are kept as-is here.
func Secure() web.MiddlewareFunc {
	// Headers whose value never depends on the request.
	static := [...][2]string{
		{"X-XSS-Protection", "1; mode=block"},
		{"X-Content-Type-Options", "nosniff"},
		{"Referrer-Policy", "no-referrer-when-downgrade"},
	}
	return func(next web.HandlerFunc) web.HandlerFunc {
		return func(c web.Context) error {
			hdr := c.Response.Header()
			// Whitespace is trimmed because the template may carry leading/trailing
			// newlines that must not end up in the header value.
			policy := fmt.Sprintf(web.CspPolicyTemplate, c.ContextID(), cspCdnHostPattern())
			hdr.Set("Content-Security-Policy", strings.TrimSpace(policy))
			for _, kv := range static {
				hdr.Set(kv[0], kv[1])
			}
			return next(c)
		}
	}
}

// cspCdnHostPattern returns the CDN host to substitute into the CSP template:
// the configured host widened to "*.<host>", unless it is empty or the app
// runs in single-host mode, in which case it is returned unchanged.
func cspCdnHostPattern() string {
	host := env.Config.CDN.Host
	// Short-circuit keeps env.IsSingleHostMode from being consulted when no
	// CDN host is configured, matching the original evaluation order.
	if host == "" || env.IsSingleHostMode() {
		return host
	}
	return "*." + host
}