chore: add Content-Security-Policy header

This commit is contained in:
Oleg Lobanov 2021-07-26 11:08:39 +02:00
parent f2b5dd3787
commit 201329abce
No known key found for this signature in database
GPG Key ID: 7CC64E41212621B0
1 changed files with 6 additions and 0 deletions

View File

@ -25,6 +25,12 @@ func NewHandler(
server.Clean()
r := mux.NewRouter()
r.Use(func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Security-Policy", `default-src 'self'`)
next.ServeHTTP(w, r)
})
})
index, static := getStaticHandlers(store, server, assetsFs)
// NOTE: This fixes the issue where it would redirect if people did not put a