jlelse
/
GoBlog
mirror of https://github.com/jlelse/GoBlog
1
Fork 0
Code Packages Releases Activity

Fix CSP

This commit is contained in:
Jan-Lukas Else 2023-08-06 11:47:10 +02:00
parent 927ee65d55
commit df41efdb1f
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
httpMiddlewares.go
View File

@ -52,7 +52,7 @@ func (a *goBlog) securityHeaders(next http.Handler) http.Handler {
cspBuilder.WriteString(strings.Join(a.cfg.Server.CSPDomains, " "))
}
cspDomains := cspBuilder.String()
csp := "default-src 'self' blob:" + cspDomains + "; img-src 'self'" + cspDomains + " data:; frame-ancestors none;"
csp := "default-src 'self' blob:" + cspDomains + "; img-src 'self'" + cspDomains + " data:; frame-ancestors 'none';"
builderpool.Put(cspBuilder)
// Return handler
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {