TDvorak/MyClub
1
0
Fork 0
mirror of https://github.com/Dvorinka/MyClubServer.git synced 2026-06-04 02:32:57 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

dev day #65

Browse Source
This commit is contained in:
Tomas Dvorak
2025-10-19 17:16:57 +02:00
parent e9a63073e5
commit 77213f4e83
76 changed files with 9728 additions and 935 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/middleware/security_headers.go
+4 -4
View File
@@ -11,8 +11,8 @@ func SecurityHeaders() gin.HandlerFunc {
// Prevent MIME type sniffing
c.Header("X-Content-Type-Options", "nosniff")
// Prevent clickjacking
c.Header("X-Frame-Options", "DENY")
// Prevent clickjacking (allow same-origin for PDF previews)
c.Header("X-Frame-Options", "SAMEORIGIN")
// Referrer policy
c.Header("Referrer-Policy", "strict-origin-when-cross-origin")
@@ -56,7 +56,7 @@ func buildCSP(production bool) string {
"object-src 'none'; " +
"base-uri 'self'; " +
"form-action 'self'; " +
"frame-ancestors 'none'; " +
"frame-ancestors 'self'; " +
"upgrade-insecure-requests;"
}
@@ -71,5 +71,5 @@ func buildCSP(production bool) string {
"object-src 'none'; " +
"base-uri 'self'; " +
"form-action 'self'; " +
"frame-ancestors 'none';"
"frame-ancestors 'self';"
}