Mercurial > gemma
changeset 5283:fdbc28a71691
Made setting of No Sniff headers for served files a reusable middleware.
author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
---|---|
date | Sun, 28 Jun 2020 02:54:58 +0200 |
parents | 12e2422ae57c |
children | 3ec58a8c42f5 |
files | cmd/gemma/main.go pkg/middleware/nosniff.go |
diffstat | 2 files changed, 27 insertions(+), 8 deletions(-) [+] |
line wrap: on
line diff
--- a/cmd/gemma/main.go Fri Jun 26 11:37:20 2020 +0200 +++ b/cmd/gemma/main.go Sun Jun 28 02:54:58 2020 +0200 @@ -34,6 +34,7 @@ "gemma.intevation.de/gemma/pkg/controllers" "gemma.intevation.de/gemma/pkg/geoserver" "gemma.intevation.de/gemma/pkg/imports" + "gemma.intevation.de/gemma/pkg/middleware" "gemma.intevation.de/gemma/pkg/scheduler" ) @@ -67,15 +68,9 @@ m := mux.NewRouter() controllers.BindRoutes(m) - dir := http.FileServer(http.Dir(web)) + dir := middleware.NoSniff(http.FileServer(http.Dir(web))) - xframes := http.HandlerFunc(func(res http.ResponseWriter, req *http.Request) { - res.Header().Set("X-Frame-Options", "sameorigin") - res.Header().Set("X-Content-Type-Options", "nosniff") - dir.ServeHTTP(res, req) - }) - - m.PathPrefix("/").Handler(xframes) + m.PathPrefix("/").Handler(dir) addr := fmt.Sprintf("%s:%d", config.WebHost(), config.WebPort()) log.Printf("info: listen on %s\n", addr)
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/pkg/middleware/nosniff.go Sun Jun 28 02:54:58 2020 +0200 @@ -0,0 +1,24 @@ +// This is Free Software under GNU Affero General Public License v >= 3.0 +// without warranty, see README.md and license for details. +// +// SPDX-License-Identifier: AGPL-3.0-or-later +// License-Filename: LICENSES/AGPL-3.0.txt +// +// Copyright (C) 2020 by via donau +// – Österreichische Wasserstraßen-Gesellschaft mbH +// Software engineering by Intevation GmbH +// +// Author(s): +// * Sascha L. Teichmann <sascha.teichmann@intevation.de> + +package middleware + +import "net/http" + +func NoSniff(next http.Handler) http.Handler { + return http.HandlerFunc(func(res http.ResponseWriter, req *http.Request) { + res.Header().Set("X-Frame-Options", "sameorigin") + res.Header().Set("X-Content-Type-Options", "nosniff") + next.ServeHTTP(res, req) + }) +}