# HG changeset patch
# User Sascha Wilde
# Date 1593619037 -7200
# Node ID 3ec58a8c42f55b7e667f73542cd48a03ef538980
# Parent 6a673483682867501a3c3e2ad6e8524865fb58f2
# Parent fdbc28a71691ee1ef03f5f4d4620947678748c84
Merged latest changes not tested for v5.1
diff -r 6a6734836828 -r 3ec58a8c42f5 cmd/gemma/main.go
--- a/cmd/gemma/main.go Wed Jul 01 17:56:17 2020 +0200
+++ b/cmd/gemma/main.go Wed Jul 01 17:57:17 2020 +0200
@@ -34,6 +34,7 @@
 "gemma.intevation.de/gemma/pkg/controllers"
 "gemma.intevation.de/gemma/pkg/geoserver"
 "gemma.intevation.de/gemma/pkg/imports"
+ "gemma.intevation.de/gemma/pkg/middleware"
 "gemma.intevation.de/gemma/pkg/scheduler"
 )
@@ -67,15 +68,9 @@
 m := mux.NewRouter()
 controllers.BindRoutes(m)
- dir := http.FileServer(http.Dir(web))
+ dir := middleware.NoSniff(http.FileServer(http.Dir(web)))
- xframes := http.HandlerFunc(func(res http.ResponseWriter, req *http.Request) {
- res.Header().Set("X-Frame-Options", "sameorigin")
- res.Header().Set("X-Content-Type-Options", "nosniff")
- dir.ServeHTTP(res, req)
- })
-
- m.PathPrefix("/").Handler(xframes)
+ m.PathPrefix("/").Handler(dir)
 addr := fmt.Sprintf("%s:%d", config.WebHost(), config.WebPort())
 log.Printf("info: listen on %s\n", addr)
diff -r 6a6734836828 -r 3ec58a8c42f5 pkg/middleware/nosniff.go
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/pkg/middleware/nosniff.go Wed Jul 01 17:57:17 2020 +0200
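Review bot: `middleware.NoSniff` is applied only to the static file server registered under `PathPrefix("/")` in the second hunk of cmd/gemma/main.go, so responses from the routes bound by `controllers.BindRoutes(m)` carry `X-Content-Type-Options: nosniff` and the framing header only if that package wraps them itself, which is not visible here. If it does not, registering the middleware once on the router with `m.Use(middleware.NoSniff)` (assuming `mux` is gorilla/mux, whose import is outside the hunk) would cover the API responses as well, and those are where a mislabelled JSON or download response is most exposed to content sniffing. The enclosing function starts and ends outside the hunk.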
@@ -0,0 +1,24 @@
+// This is Free Software under GNU Affero General Public License v >= 3.0
+// without warranty, see README.md and license for details.
+//
+// SPDX-License-Identifier: AGPL-3.0-or-later
+// License-Filename: LICENSES/AGPL-3.0.txt
+//
+// Copyright (C) 2020 by via donau
+// – Österreichische Wasserstraßen-Gesellschaft mbH
+// Software engineering by Intevation GmbH
+//
+// Author(s):
+// * Sascha L. Teichmann
+
+package middleware
+
+import "net/http"
+
+func NoSniff(next http.Handler) http.Handler {
+ return http.HandlerFunc(func(res http.ResponseWriter, req *http.Request) {
+ res.Header().Set("X-Frame-Options", "sameorigin")
+ res.Header().Set("X-Content-Type-Options", "nosniff")
+ next.ServeHTTP(res, req)
+ })
+}
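Review bot: The exported `NoSniff` has no doc comment, and its name describes only one of the two headers it sets: besides `X-Content-Type-Options: nosniff` it also writes `X-Frame-Options: sameorigin`, so a caller cannot tell from the name that a framing policy comes with it. I would add `// NoSniff wraps next and sets X-Content-Type-Options: nosniff and X-Frame-Options: sameorigin on every response before delegating.` above the function. Both headers are written with `Set` before `next.ServeHTTP`, so a wrapped handler can still overwrite them; the comment should say whether that is intended. Because current browsers treat the CSP `frame-ancestors` directive as the successor to `X-Frame-Options`, sending `Content-Security-Policy: frame-ancestors 'self'` alongside it is worth considering, provided no other layer already sets a CSP.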