Add a default CSP
Disallows loading external resources. Providers can override it with their reverse proxy settings.
parent
80da410c3b
commit
3d2da43207
1 changed files with 7 additions and 0 deletions
|
@ -166,6 +166,13 @@ func New(e *echo.Echo, options *Options) error {
|
||||||
c.String(code, err.Error())
|
c.String(code, err.Error())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
e.Use(func(next echo.HandlerFunc) echo.HandlerFunc {
|
||||||
|
return func(ectx echo.Context) error {
|
||||||
|
ectx.Response().Header().Set("Content-Security-Policy", "default-src 'self'")
|
||||||
|
return next(ectx)
|
||||||
|
}
|
||||||
|
})
|
||||||
|
|
||||||
e.Use(func(next echo.HandlerFunc) echo.HandlerFunc {
|
e.Use(func(next echo.HandlerFunc) echo.HandlerFunc {
|
||||||
return func(ectx echo.Context) error {
|
return func(ectx echo.Context) error {
|
||||||
ctx := &Context{Context: ectx, Server: s}
|
ctx := &Context{Context: ectx, Server: s}
|
||||||
|
|
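Review bot: The policy string in the new middleware, `default-src 'self'`, leaves `base-uri`, `form-action` and `frame-ancestors` unrestricted, because those three directives do not fall back to `default-src`. Injected `<base>` or `<form>` markup could therefore still point at another origin, and the pages can still be framed by other sites. Consider `ectx.Response().Header().Set("Content-Security-Policy", "default-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'")`, after confirming that no deployment depends on cross-origin form targets or on being embedded. A one-line comment above the `e.Use` call, such as `// Default CSP; a reverse proxy may replace this header.`, would keep the intent from the commit message next to the code. The body of `New` starts and ends outside this hunk, so whether any template relies on inline scripts or styles (which this policy blocks) cannot be checked from here.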