diff options
Diffstat (limited to 'middleware/common_headers.go')
-rw-r--r-- | middleware/common_headers.go | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/middleware/common_headers.go b/middleware/common_headers.go new file mode 100644 index 0000000..bdec580 --- /dev/null +++ b/middleware/common_headers.go @@ -0,0 +1,25 @@ +// Copyright 2018 Frédéric Guillot. All rights reserved. +// Use of this source code is governed by the Apache 2.0 +// license that can be found in the LICENSE file. + +package middleware + +import ( + "net/http" +) + +// CommonHeaders sends common HTTP headers. +func (m *Middleware) CommonHeaders(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.Header().Set("X-XSS-Protection", "1; mode=block") + w.Header().Set("X-Content-Type-Options", "nosniff") + w.Header().Set("X-Frame-Options", "DENY") + w.Header().Set("Content-Security-Policy", "default-src 'self'; img-src *; media-src *; frame-src *; child-src *") + + if m.cfg.IsHTTPS && m.cfg.HasHSTS() { + w.Header().Set("Strict-Transport-Security", "max-age=31536000") + } + + next.ServeHTTP(w, r) + }) +} |