Files
Ronni Skansing a588d39d72 fix disable CSP too restrictive for editor previews
Signed-off-by: Ronni Skansing <rskansing@gmail.com>
2026-06-06 20:44:15 +02:00

15 lines
687 B
Go

package middleware
import "github.com/gin-gonic/gin"
func SecurityHeaders() gin.HandlerFunc {
return func(c *gin.Context) {
// too many issues with previewing resources
// c.Header("Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; connect-src 'self'; frame-src data:; font-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none';")
c.Header("X-Content-Type-Options", "nosniff")
c.Header("Referrer-Policy", "strict-origin-when-cross-origin")
c.Header("Permissions-Policy", "camera=(), microphone=(), geolocation=(), payment=()")
c.Next()
}
}