feat: disable loading images from external origins

This commit is contained in:
rramiachraf 2023-01-27 14:31:10 +01:00
parent 544734b843
commit c03bd495f6


@ -43,7 +43,7 @@ func write(w http.ResponseWriter, status int, data []byte) {
func securityHeaders(next http.Handler) http.Handler { func securityHeaders(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
csp := "default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' images.genius.com; object-src 'none'" csp := "default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self'; object-src 'none'"
w.Header().Add("content-security-policy", csp) w.Header().Add("content-security-policy", csp)
w.Header().Add("referrer-policy", "no-referrer") w.Header().Add("referrer-policy", "no-referrer")
w.Header().Add("x-content-type-options", "nosniff") w.Header().Add("x-content-type-options", "nosniff")