Add some headers to improve security

views/main.go

@@ -11,6 +11,8 @@ func GetGinEngine(cfg *config.Config, db *gorm.DB) *gin.Engine {
 	engine.LoadHTMLGlob("templates/*")
 	engine.Static("/assets", "./assets")
 
+	engine.Use(SecurityHeadersMiddleware)
+
 	engine.GET("/signin", func(c *gin.Context) {
 		ShowLoginForm(c)
 	})

views/security.go

@@ -0,0 +1,14 @@
+package views
+
+import (
+	"github.com/gin-gonic/gin"
+)
+
+// Adds several headers to the response to improve security.
+// For example, headers prevent embedding a site and passing information about the referrer.
+func SecurityHeadersMiddleware(c *gin.Context) {
+	c.Writer.Header().Set("X-Frame-Options", "SAMEORIGIN")
+	c.Writer.Header().Set("X-Content-Type-Options", "nosniff")
+	c.Writer.Header().Set("Referrer-Policy", "same-origin")
+	c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'")
+}