phoenix/views/middleware/security.go

package middleware

import (
	"net/http"
)

// Adds several headers to the response to improve security.
// For example, headers prevent embedding a site and passing information about the referrer.
func SecurityHeadersMiddleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("X-Frame-Options", "SAMEORIGIN")
		w.Header().Set("X-Content-Type-Options", "nosniff")
		w.Header().Set("Referrer-Policy", "same-origin")
		w.Header().Set("Content-Security-Policy", "script-src 'self'; ")

		next.ServeHTTP(w, r)
	})
}
feat!: migrate to net/http With the release of Go 1.22, the standard library now has all the necessary functions that allow us to abandon Gin. I hope this rewrite will lower the entry barrier for new developers. As a nice bonus, the size of the program has decreased from 20 to 15.4 MB. To solve issue #81, request logging has been improved. Now all errors are displayed in the logs. 2024-03-25 15:52:18 +05:00			`package middleware`

			`import (`
			`"net/http"`
			`)`

			`// Adds several headers to the response to improve security.`
			`// For example, headers prevent embedding a site and passing information about the referrer.`
			`func SecurityHeadersMiddleware(next http.Handler) http.Handler {`
			`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`w.Header().Set("X-Frame-Options", "SAMEORIGIN")`
			`w.Header().Set("X-Content-Type-Options", "nosniff")`
			`w.Header().Set("Referrer-Policy", "same-origin")`
			`w.Header().Set("Content-Security-Policy", "script-src 'self'; ")`

			`next.ServeHTTP(w, r)`
			`})`
			`}`