Security headers
This commit is contained in:
		
							parent
							
								
									7849164d7e
								
							
						
					
					
						commit
						1d050e2d45
					
					@ -6,6 +6,15 @@ import (
)
					)
					
func HandleAlbum(c *fiber.Ctx) error {
					func HandleAlbum(c *fiber.Ctx) error {
						c.Set("Cache-Control", "public,max-age=604800")
						c.Set("X-Frame-Options", "DENY")
						c.Set("Referrer-Policy", "no-referrer")
						c.Set("X-Content-Type-Options", "nosniff")
						c.Set("X-Robots-Tag", "noindex, noimageindex, nofollow")
						c.Set("Strict-Transport-Security", "max-age=31557600")
						c.Set("Permissions-Policy", "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()")
						c.Set("Content-Security-Policy", "default-src 'none'; style-src 'self'; script-src 'none'; img-src 'self'; font-src 'self'; block-all-mixed-content; manifest-src 'self'")
					
	// https://imgur.com/a/DfEsrAB
						// https://imgur.com/a/DfEsrAB
					
	album, err := api.FetchAlbum(c.Params("albumID"))
						album, err := api.FetchAlbum(c.Params("albumID"))
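Review bot: `Cache-Control: public,max-age=604800` is set on the first added line before `api.FetchAlbum` runs, so whatever HandleAlbum does on a fetch error further down (the function continues past the hunk) is likely to go out with a one-week public cache lifetime as well, and shared caches would hold a failed or missing-album response for that long. Move the Cache-Control line to after the fetch succeeds, or have the error path override it with `c.Set("Cache-Control", "no-store")`. The remaining eight headers duplicate the block in FrontpageHandler except for the CSP, which here omits `form-action 'self'`; a single middleware registered with `app.Use` would keep the two copies from drifting. Strict-Transport-Security only takes effect on responses delivered over TLS, so if TLS is terminated upstream confirm the proxy does not already emit it with a different value.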
					@ -9,8 +9,8 @@ func FrontpageHandler(c *fiber.Ctx) error {
	c.Set("X-Content-Type-Options", "nosniff")
						c.Set("X-Content-Type-Options", "nosniff")
	c.Set("X-Robots-Tag", "noindex, noimageindex, nofollow")
						c.Set("X-Robots-Tag", "noindex, noimageindex, nofollow")
	c.Set("Strict-Transport-Security", "max-age=31557600")
						c.Set("Strict-Transport-Security", "max-age=31557600")
	c.Set("Permissions-Policy", "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()")
						c.Set("Permissions-Policy", "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()")
	c.Set("Content-Security-Policy", "default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self'; img-src 'self'; font-src 'self'; form-action 'self'; block-all-mixed-content; manifest-src 'self'")
						c.Set("Content-Security-Policy", "default-src 'none'; style-src 'self'; script-src 'none'; img-src 'self'; font-src 'self'; block-all-mixed-content; manifest-src 'self'")
					
	return c.Render("frontpage", fiber.Map{})
						return c.Render("frontpage", fiber.Map{})
}
					}
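Review bot: The new Content-Security-Policy value drops the `form-action 'self'` directive the old value carried; `form-action` is not covered by `default-src 'none'`, so after this change any form on the frontpage may submit to any origin, which is a loosening rather than a tightening. If the template still renders a form (the old directive suggests it did), keep the directive: `c.Set("Content-Security-Policy", "default-src 'none'; style-src 'self'; script-src 'none'; img-src 'self'; font-src 'self'; form-action 'self'; block-all-mixed-content; manifest-src 'self'")`. Removing `'unsafe-inline'` from `style-src` is the right direction but will block any inline `style` attributes in the frontpage template, so confirm the rendered page still styles correctly. The same CSP string now also lives in HandleAlbum, so the two handlers should share one definition rather than each carrying a slightly different copy.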