Mercurial > gemma

diff pkg/middleware/nosniff.go @ 5283:fdbc28a71691

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Made setting of No Sniff headers for served files a reusable middleware.
author Sascha L. Teichmann <sascha.teichmann@intevation.de>
date Sun, 28 Jun 2020 02:54:58 +0200
parents
children 1222b777f51f
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/pkg/middleware/nosniff.go	Sun Jun 28 02:54:58 2020 +0200
@@ -0,0 +1,24 @@
+// This is Free Software under GNU Affero General Public License v >= 3.0
+// without warranty, see README.md and license for details.
+//
+// SPDX-License-Identifier: AGPL-3.0-or-later
+// License-Filename: LICENSES/AGPL-3.0.txt
+//
+// Copyright (C) 2020 by via donau
+//   – Österreichische Wasserstraßen-Gesellschaft mbH
+// Software engineering by Intevation GmbH
+//
+// Author(s):
+//  * Sascha L. Teichmann <sascha.teichmann@intevation.de>
+
+package middleware
+
+import "net/http"
+
+func NoSniff(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(res http.ResponseWriter, req *http.Request) {
+		res.Header().Set("X-Frame-Options", "sameorigin")
+		res.Header().Set("X-Content-Type-Options", "nosniff")
+		next.ServeHTTP(res, req)
+	})
+}