mirror of
https://github.com/ordinary-dev/phoenix
synced 2024-09-20 03:40:29 +05:00
Add some headers to improve security
This commit is contained in:
parent
de76c90f3c
commit
69eb490803
|
@ -11,6 +11,8 @@ func GetGinEngine(cfg *config.Config, db *gorm.DB) *gin.Engine {
|
||||||
engine.LoadHTMLGlob("templates/*")
|
engine.LoadHTMLGlob("templates/*")
|
||||||
engine.Static("/assets", "./assets")
|
engine.Static("/assets", "./assets")
|
||||||
|
|
||||||
|
engine.Use(SecurityHeadersMiddleware)
|
||||||
|
|
||||||
engine.GET("/signin", func(c *gin.Context) {
|
engine.GET("/signin", func(c *gin.Context) {
|
||||||
ShowLoginForm(c)
|
ShowLoginForm(c)
|
||||||
})
|
})
|
||||||
|
|
14
views/security.go
Normal file
14
views/security.go
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
package views
|
||||||
|
|
||||||
|
import (
|
||||||
|
"github.com/gin-gonic/gin"
|
||||||
|
)
|
||||||
|
|
||||||
|
// Adds several headers to the response to improve security.
|
||||||
|
// For example, headers prevent embedding a site and passing information about the referrer.
|
||||||
|
func SecurityHeadersMiddleware(c *gin.Context) {
|
||||||
|
c.Writer.Header().Set("X-Frame-Options", "SAMEORIGIN")
|
||||||
|
c.Writer.Header().Set("X-Content-Type-Options", "nosniff")
|
||||||
|
c.Writer.Header().Set("Referrer-Policy", "same-origin")
|
||||||
|
c.Writer.Header().Set("Content-Security-Policy", "default-src 'self'")
|
||||||
|
}
|
Loading…
Reference in a new issue