Allow embedding embeds

This commit is contained in:
video-prize-ranch 2022-07-16 16:02:59 -04:00
parent 95eaf959b0
commit be349ec9d9
No known key found for this signature in database
GPG Key ID: D8EAA4C5B12A7281
5 changed files with 4 additions and 1 deletions

View File

@ -9,6 +9,7 @@ import (
func HandleFrontpage(c *fiber.Ctx) error { func HandleFrontpage(c *fiber.Ctx) error {
utils.SetHeaders(c) utils.SetHeaders(c)
c.Set("X-Frame-Options", "DENY")
c.Set("Cache-Control", "public,max-age=31557600") c.Set("Cache-Control", "public,max-age=31557600")
c.Set("Content-Security-Policy", "default-src 'none'; style-src 'self'; img-src 'self'; font-src 'self'; manifest-src 'self'; block-all-mixed-content") c.Set("Content-Security-Policy", "default-src 'none'; style-src 'self'; img-src 'self'; font-src 'self'; manifest-src 'self'; block-all-mixed-content")

View File

@ -11,6 +11,7 @@ import (
func HandlePost(c *fiber.Ctx) error { func HandlePost(c *fiber.Ctx) error {
utils.SetHeaders(c) utils.SetHeaders(c)
c.Set("X-Frame-Options", "DENY")
c.Set("Content-Security-Policy", "default-src 'none'; media-src 'self'; style-src 'self'; img-src 'self'; font-src 'self'; manifest-src 'self'; block-all-mixed-content") c.Set("Content-Security-Policy", "default-src 'none'; media-src 'self'; style-src 'self'; img-src 'self'; font-src 'self'; manifest-src 'self'; block-all-mixed-content")
post, err := types.Album{}, error(nil) post, err := types.Album{}, error(nil)

View File

@ -10,6 +10,7 @@ import (
func HandleTag(c *fiber.Ctx) error { func HandleTag(c *fiber.Ctx) error {
utils.SetHeaders(c) utils.SetHeaders(c)
c.Set("X-Frame-Options", "DENY")
c.Set("Cache-Control", "public,max-age=604800") c.Set("Cache-Control", "public,max-age=604800")
c.Set("Content-Security-Policy", "default-src 'none'; style-src 'unsafe-inline' 'self'; media-src 'self'; img-src 'self'; font-src 'self'; manifest-src 'self'; block-all-mixed-content") c.Set("Content-Security-Policy", "default-src 'none'; style-src 'unsafe-inline' 'self'; media-src 'self'; img-src 'self'; font-src 'self'; manifest-src 'self'; block-all-mixed-content")

View File

@ -12,6 +12,7 @@ import (
func HandleUser(c *fiber.Ctx) error { func HandleUser(c *fiber.Ctx) error {
utils.SetHeaders(c) utils.SetHeaders(c)
c.Set("X-Frame-Options", "DENY")
c.Set("Cache-Control", "public,max-age=604800") c.Set("Cache-Control", "public,max-age=604800")
c.Set("Content-Security-Policy", "default-src 'none'; media-src 'self'; style-src 'unsafe-inline' 'self'; img-src 'self'; font-src 'self'; manifest-src 'self'; block-all-mixed-content") c.Set("Content-Security-Policy", "default-src 'none'; media-src 'self'; style-src 'unsafe-inline' 'self'; img-src 'self'; font-src 'self'; manifest-src 'self'; block-all-mixed-content")

View File

@ -3,7 +3,6 @@ package utils
import "github.com/gofiber/fiber/v2" import "github.com/gofiber/fiber/v2"
func SetHeaders(c *fiber.Ctx) { func SetHeaders(c *fiber.Ctx) {
c.Set("X-Frame-Options", "DENY")
c.Set("Referrer-Policy", "no-referrer") c.Set("Referrer-Policy", "no-referrer")
c.Set("X-Content-Type-Options", "nosniff") c.Set("X-Content-Type-Options", "nosniff")
c.Set("X-Robots-Tag", "noindex, noimageindex, nofollow") c.Set("X-Robots-Tag", "noindex, noimageindex, nofollow")