TDvorak/MyClub
1
0
Fork 0
mirror of https://github.com/Dvorinka/MyClubServer.git synced 2026-06-04 02:32:57 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

dev day #75

Browse Source
This commit is contained in:
Tomas Dvorak
2025-10-29 21:20:16 +01:00
parent 823fabee02
commit 16e4533202
61 changed files with 2308 additions and 942 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/middleware/security_headers.go
+2 -1
View File
@@ -36,7 +36,8 @@ func SecurityHeaders() gin.HandlerFunc {
c.Header("X-Permitted-Cross-Domain-Policies", "none")
c.Header("Cross-Origin-Embedder-Policy", "require-corp")
c.Header("Cross-Origin-Opener-Policy", "same-origin")
c.Header("Cross-Origin-Resource-Policy", "same-origin")
// Allow assets (e.g., /uploads) to be embedded from different origin (frontend vs backend)
c.Header("Cross-Origin-Resource-Policy", "cross-origin")
c.Next()
}