aboutsummaryrefslogtreecommitdiffhomepage
path: root/middleware/common_headers.go
diff options
context:
space:
mode:
Diffstat (limited to 'middleware/common_headers.go')
-rw-r--r--middleware/common_headers.go25
1 files changed, 25 insertions, 0 deletions
diff --git a/middleware/common_headers.go b/middleware/common_headers.go
new file mode 100644
index 0000000..bdec580
--- /dev/null
+++ b/middleware/common_headers.go
@@ -0,0 +1,25 @@
+// Copyright 2018 Frédéric Guillot. All rights reserved.
+// Use of this source code is governed by the Apache 2.0
+// license that can be found in the LICENSE file.
+
+package middleware
+
+import (
+ "net/http"
+)
+
+// CommonHeaders sends common HTTP headers.
+func (m *Middleware) CommonHeaders(next http.Handler) http.Handler {
+ return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ w.Header().Set("X-XSS-Protection", "1; mode=block")
+ w.Header().Set("X-Content-Type-Options", "nosniff")
+ w.Header().Set("X-Frame-Options", "DENY")
+ w.Header().Set("Content-Security-Policy", "default-src 'self'; img-src *; media-src *; frame-src *; child-src *")
+
+ if m.cfg.IsHTTPS && m.cfg.HasHSTS() {
+ w.Header().Set("Strict-Transport-Security", "max-age=31536000")
+ }
+
+ next.ServeHTTP(w, r)
+ })
+}
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-31 02:21:37 +0000