RidgwaySystems/rs_website
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add in twitch integration

Browse Source
This commit is contained in:
Blake Ridgway
2026-04-13 03:49:24 -05:00
parent 0ba2f7af4e
commit 668530ce37
11 changed files with 312 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
internal/handler/middleware.go
View File

@@ -43,8 +43,12 @@ func SecurityHeadersMiddleware(next http.Handler) http.Handler {
if strings.HasPrefix(r.URL.Path, "/admin") {
scriptSrc = "'self'"
}
w.Header().Set("Content-Security-Policy",
"default-src 'self'; script-src "+scriptSrc+"; style-src 'self'; img-src 'self' data:; font-src 'self'; frame-ancestors 'none'")
frameSrc := "'none'"
if r.URL.Path == "/stream" {
frameSrc = "https://player.twitch.tv"
}
csp := "default-src 'self'; script-src " + scriptSrc + "; style-src 'self'; img-src 'self' data:; font-src 'self'; frame-src " + frameSrc + "; frame-ancestors 'none'"
w.Header().Set("Content-Security-Policy", csp)
w.Header().Set("X-Frame-Options", "DENY")
w.Header().Set("X-Content-Type-Options", "nosniff")
w.Header().Set("Referrer-Policy", "strict-origin-when-cross-origin")