From be349ec9d92f564dad17251a7af286da8dad8089 Mon Sep 17 00:00:00 2001 From: video-prize-ranch Date: Sat, 16 Jul 2022 16:02:59 -0400 Subject: [PATCH] Allow embedding embeds --- pages/frontpage.go | 1 + pages/post.go | 1 + pages/tag.go | 1 + pages/user.go | 1 + utils/setHeaders.go | 1 - 5 files changed, 4 insertions(+), 1 deletion(-) diff --git a/pages/frontpage.go b/pages/frontpage.go index cf992ad..9321fd6 100644 --- a/pages/frontpage.go +++ b/pages/frontpage.go @@ -9,6 +9,7 @@ import ( func HandleFrontpage(c *fiber.Ctx) error { utils.SetHeaders(c) + c.Set("X-Frame-Options", "DENY") c.Set("Cache-Control", "public,max-age=31557600") c.Set("Content-Security-Policy", "default-src 'none'; style-src 'self'; img-src 'self'; font-src 'self'; manifest-src 'self'; block-all-mixed-content") diff --git a/pages/post.go b/pages/post.go index 4a41358..6a241d7 100644 --- a/pages/post.go +++ b/pages/post.go @@ -11,6 +11,7 @@ import ( func HandlePost(c *fiber.Ctx) error { utils.SetHeaders(c) + c.Set("X-Frame-Options", "DENY") c.Set("Content-Security-Policy", "default-src 'none'; media-src 'self'; style-src 'self'; img-src 'self'; font-src 'self'; manifest-src 'self'; block-all-mixed-content") post, err := types.Album{}, error(nil) diff --git a/pages/tag.go b/pages/tag.go index 1288f9f..a99c3e4 100644 --- a/pages/tag.go +++ b/pages/tag.go @@ -10,6 +10,7 @@ import ( func HandleTag(c *fiber.Ctx) error { utils.SetHeaders(c) + c.Set("X-Frame-Options", "DENY") c.Set("Cache-Control", "public,max-age=604800") c.Set("Content-Security-Policy", "default-src 'none'; style-src 'unsafe-inline' 'self'; media-src 'self'; img-src 'self'; font-src 'self'; manifest-src 'self'; block-all-mixed-content") diff --git a/pages/user.go b/pages/user.go index 85538b2..9a59c74 100644 --- a/pages/user.go +++ b/pages/user.go @@ -12,6 +12,7 @@ import ( func HandleUser(c *fiber.Ctx) error { utils.SetHeaders(c) + c.Set("X-Frame-Options", "DENY") c.Set("Cache-Control", "public,max-age=604800") c.Set("Content-Security-Policy", "default-src 'none'; media-src 'self'; style-src 'unsafe-inline' 'self'; img-src 'self'; font-src 'self'; manifest-src 'self'; block-all-mixed-content") diff --git a/utils/setHeaders.go b/utils/setHeaders.go index 4c6f89c..cff477a 100644 --- a/utils/setHeaders.go +++ b/utils/setHeaders.go @@ -3,7 +3,6 @@ package utils import "github.com/gofiber/fiber/v2" func SetHeaders(c *fiber.Ctx) { - c.Set("X-Frame-Options", "DENY") c.Set("Referrer-Policy", "no-referrer") c.Set("X-Content-Type-Options", "nosniff") c.Set("X-Robots-Tag", "noindex, noimageindex, nofollow")