RidgwaySystems/rs_website
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add a page for tickets from gitea (#2)

Browse Source 
Co-authored-by: Blake Ridgway <blake@blakeridgway.com>
Reviewed-on: #2
This commit is contained in:
blakeridgway
2026-04-13 03:51:22 -05:00
parent 5bc3050dd4
commit b1feff3bbf
16 changed files with 782 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
internal/handler/middleware.go
View File

@@ -43,8 +43,12 @@ func SecurityHeadersMiddleware(next http.Handler) http.Handler {
if strings.HasPrefix(r.URL.Path, "/admin") {
scriptSrc = "'self'"
}
w.Header().Set("Content-Security-Policy",
"default-src 'self'; script-src "+scriptSrc+"; style-src 'self'; img-src 'self' data:; font-src 'self'; frame-ancestors 'none'")
frameSrc := "'none'"
if r.URL.Path == "/stream" {
frameSrc = "https://player.twitch.tv"
}
csp := "default-src 'self'; script-src " + scriptSrc + "; style-src 'self'; img-src 'self' data:; font-src 'self'; frame-src " + frameSrc + "; frame-ancestors 'none'"
w.Header().Set("Content-Security-Policy", csp)
w.Header().Set("X-Frame-Options", "DENY")
w.Header().Set("X-Content-Type-Options", "nosniff")
w.Header().Set("Referrer-Policy", "strict-origin-when-cross-origin")