mirror of https://github.com/jlelse/GoBlog
Add basic security headers
parent
76b959092e
commit
5652fab725
3
go.mod
3
go.mod
|
@ -30,7 +30,8 @@ require (
|
|||
github.com/spf13/cast v1.3.1
|
||||
github.com/spf13/jwalterweatherman v1.1.0 // indirect
|
||||
github.com/spf13/viper v1.7.1
|
||||
github.com/tdewolff/minify/v2 v2.9.7
|
||||
github.com/tdewolff/minify/v2 v2.9.8
|
||||
github.com/tdewolff/parse/v2 v2.5.5 // indirect
|
||||
github.com/vcraescu/go-paginator v0.0.0-20200923074551-426b20f3ae8a
|
||||
github.com/yuin/goldmark v1.2.1
|
||||
github.com/yuin/goldmark-emoji v1.0.1
|
||||
|
|
6
go.sum
6
go.sum
|
@ -272,10 +272,12 @@ github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd
|
|||
github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
|
||||
github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s=
|
||||
github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
|
||||
github.com/tdewolff/minify/v2 v2.9.7 h1:r8ewdcX8VYUoNj+s9WSy4FtNNNqNPevWOkb/MksAtzQ=
|
||||
github.com/tdewolff/minify/v2 v2.9.7/go.mod h1:AcJ/ggtHex5N/QiafLI8rlIO3qwSlgbPNLi27VZSYz8=
|
||||
github.com/tdewolff/minify/v2 v2.9.8 h1:BzGEqnHOWKgF8HUuXin+MuuWOAR4s4xFcZS1qydnsQg=
|
||||
github.com/tdewolff/minify/v2 v2.9.8/go.mod h1:AcJ/ggtHex5N/QiafLI8rlIO3qwSlgbPNLi27VZSYz8=
|
||||
github.com/tdewolff/parse/v2 v2.5.4 h1:ggaQ1SVE8wErRrZwUs49I6iQ1zL/tFlb7KtYsk2I8Yk=
|
||||
github.com/tdewolff/parse/v2 v2.5.4/go.mod h1:WzaJpRSbwq++EIQHYIRTpbYKNA3gn9it1Ik++q4zyho=
|
||||
github.com/tdewolff/parse/v2 v2.5.5 h1:b7ICJa4I/54JQGEGgTte8DiyJPKcC5g8V773QMzkeUM=
|
||||
github.com/tdewolff/parse/v2 v2.5.5/go.mod h1:WzaJpRSbwq++EIQHYIRTpbYKNA3gn9it1Ik++q4zyho=
|
||||
github.com/tdewolff/test v1.0.6 h1:76mzYJQ83Op284kMT+63iCNCI7NEERsIN8dLM+RiKr4=
|
||||
github.com/tdewolff/test v1.0.6/go.mod h1:6DAvZliBAAnD7rhVgwaM7DE5/d9NMOAJ09SqYqeK4QE=
|
||||
github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
|
||||
|
|
14
http.go
14
http.go
|
@ -44,7 +44,7 @@ func startServer() (err error) {
|
|||
tlsConfig := certManager.TLSConfig()
|
||||
server := http.Server{
|
||||
Addr: ":https",
|
||||
Handler: d,
|
||||
Handler: securityHeaders(d),
|
||||
TLSConfig: tlsConfig,
|
||||
}
|
||||
go http.ListenAndServe(":http", certManager.HTTPHandler(nil))
|
||||
|
@ -205,6 +205,18 @@ func buildHandler() (http.Handler, error) {
|
|||
return r, nil
|
||||
}
|
||||
|
||||
func securityHeaders(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Add("Strict-Transport-Security", "max-age=31536000;")
|
||||
w.Header().Add("Referrer-Policy", "no-referrer")
|
||||
w.Header().Add("X-Content-Type-Options", "nosniff")
|
||||
w.Header().Add("X-Frame-Options", "SAMEORIGIN")
|
||||
w.Header().Add("X-Xss-Protection", "1; mode=block")
|
||||
// TODO: Add CSP
|
||||
next.ServeHTTP(w, r)
|
||||
})
|
||||
}
|
||||
|
||||
type dynamicHandler struct {
|
||||
realHandler http.Handler
|
||||
changeMutex *sync.Mutex
|
||||
|
|
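Review bot: In `securityHeaders`, `X-Xss-Protection: 1; mode=block` switches on a legacy browser XSS filter that current browsers have removed and that introduced information-leak problems of its own in older ones; current guidance is to send `w.Header().Set("X-Xss-Protection", "0")` or drop the header and rely on the CSP named in the TODO. All five headers are written with `Add`, which appends to a value an outer layer may already have set, so `Set` is the better fit for these single-valued policy headers, e.g. `w.Header().Set("X-Frame-Options", "SAMEORIGIN")`. The wrapper is attached only at the `http.Server` literal in `startServer`, whose body continues outside the hunk; if that function also has a non-TLS serving path (not visible here), responses from it would carry none of `X-Content-Type-Options`, `X-Frame-Options` or `Referrer-Policy`. Applying those three inside `buildHandler` and keeping only `Strict-Transport-Security` on the TLS path would cover both cases. A short doc comment on `securityHeaders` stating which headers it sets and that CSP is still missing would also help.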