Add a default CSP

Disallows loading external resources. Providers can override it with
their reverse proxy settings.
Simon Ser 2019-12-18 12:03:56 +01:00
parent 80da410c3b
commit 3d2da43207
No known key found for this signature in database
GPG key ID: 0FDE7BE0E88F5E48


@ -166,6 +166,13 @@ func New(e *echo.Echo, options *Options) error {
c.String(code, err.Error())
}
e.Use(func(next echo.HandlerFunc) echo.HandlerFunc {
return func(ectx echo.Context) error {
ectx.Response().Header().Set("Content-Security-Policy", "default-src 'self'")
return next(ectx)
}
})
e.Use(func(next echo.HandlerFunc) echo.HandlerFunc {
return func(ectx echo.Context) error {
ctx := &Context{Context: ectx, Server: s}
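Review bot: The policy set in `ectx.Response().Header().Set("Content-Security-Policy", "default-src 'self'")` leaves framing, `<base>` and form targets unrestricted, because `frame-ancestors`, `base-uri` and `form-action` do not fall back to `default-src`. If the UI is never meant to be embedded or to post to other origins, the value could be `"default-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'"`. The header is set before `next(ectx)` runs, so a later handler can still replace it; a short comment such as `// Default CSP; handlers or a reverse proxy may override it.` would record that. The body of `New` starts and ends outside this hunk.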