chore: add Content-Security-Policy header

2024-06-07 23:00:43 +00:00 · 2021-07-26 11:08:39 +02:00 · 2021-07-26 11:08:39 +02:00 · 201329abce
commit 201329abce
parent f2b5dd3787
1 changed files with 6 additions and 0 deletions
--- a/http/http.go
+++ b/http/http.go
@ -25,6 +25,12 @@ func NewHandler(
 	server.Clean()

 	r := mux.NewRouter()
+	r.Use(func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			w.Header().Set("Content-Security-Policy", `default-src 'self'`)
+			next.ServeHTTP(w, r)
+		})
+	})
 	index, static := getStaticHandlers(store, server, assetsFs)

 	// NOTE: This fixes the issue where it would redirect if people did not put a