Commit 10641c06 authored by ale's avatar ale

Update Content-Security-Policy to allow stylesheets

parent c74050a8
Pipeline #422 passed with stages
in 1 minute and 19 seconds
......@@ -132,12 +132,14 @@ func (a *App) HTTPHandler() http.Handler {
withStandardHeaders(a.router)))
}
var contentSecurityPolicy = "default-src 'none'; img-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self'; connect-src 'self';"
func withStandardHeaders(h http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Pragma", "no-cache")
w.Header().Set("Cache-Control", "no-store")
w.Header().Set("Expires", "-1")
w.Header().Set("Content-Security-Policy", "default-src 'none'; img-src 'self' data:; script-src 'self' 'unsafe-inline'; connect-src 'self';")
w.Header().Set("Content-Security-Policy", contentSecurityPolicy)
w.Header().Set("X-Frame-Options", "NONE")
w.Header().Set("X-XSS-Protection", "1; mode=block")
w.Header().Set("X-Content-Type-Options", "nosniff")
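Review bot: The policy string introduced as `contentSecurityPolicy` has no `frame-ancestors` directive, and the `X-Frame-Options` value `NONE` set right after it is not a defined value (the defined ones are `DENY` and `SAMEORIGIN`), so browsers will most likely ignore it and the responses carry no effective framing restriction. Appending `frame-ancestors 'none';` to the policy and changing the header to `w.Header().Set("X-Frame-Options", "DENY")` would close that gap; `default-src 'none'` does not cover framing. `script-src` also still allows `'unsafe-inline'`, which removes most of the policy's value against injected script, so moving the inline scripts to files or to nonces/hashes is worth tracking. The string is not reassigned anywhere in the visible lines, so `const contentSecurityPolicy = ...` would be safer than a mutable package-level `var`. The body of withStandardHeaders continues past the end of this hunk.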
......