author | Simon Ser <contact@emersion.fr> | 2019-12-18 12:03:56 +0100 |
---|---|---|
committer | Simon Ser <contact@emersion.fr> | 2019-12-18 12:03:56 +0100 |
commit | 3d2da43207ee963cb813dfba3a338b9d9c918319 (patch) | |
tree | 9dea7082ee80cf37feba6684acb06e84e8ef60dc /server.go | |
parent | 80da410c3bb1c0d8d53c02867afc0cddd2f185bd (diff) | |
Add a default CSP
Disallows loading external resources. Providers can override it with
their reverse proxy settings.
Diffstat (limited to 'server.go')
-rw-r--r-- | server.go | 7 |
1 files changed, 7 insertions, 0 deletions
@@ -168,6 +168,13 @@ func New(e *echo.Echo, options *Options) error {
 e.Use(func(next echo.HandlerFunc) echo.HandlerFunc {
 return func(ectx echo.Context) error {
+ ectx.Response().Header().Set("Content-Security-Policy", "default-src 'self'")
+ return next(ectx)
+ }
+ })
+
+ e.Use(func(next echo.HandlerFunc) echo.HandlerFunc {
+ return func(ectx echo.Context) error {
 ctx := &Context{Context: ectx, Server: s}
 ctx.Set("context", ctx) |