mirror of
https://github.com/ordinary-dev/phoenix
synced 2024-09-20 03:40:29 +05:00
Ivan R.
3f41e605cb
I've also simplified the content security policy a bit to make it less of a hassle.
15 lines
506 B
Go
15 lines
506 B
Go
package views
|
|
|
|
import (
|
|
"github.com/gin-gonic/gin"
|
|
)
|
|
|
|
// Adds several headers to the response to improve security.
|
|
// For example, headers prevent embedding a site and passing information about the referrer.
|
|
func SecurityHeadersMiddleware(c *gin.Context) {
|
|
c.Writer.Header().Set("X-Frame-Options", "SAMEORIGIN")
|
|
c.Writer.Header().Set("X-Content-Type-Options", "nosniff")
|
|
c.Writer.Header().Set("Referrer-Policy", "same-origin")
|
|
c.Writer.Header().Set("Content-Security-Policy", "script-src 'self'; ")
|
|
}
|