golang/owncast
1
0
Fork 0
mirror of https://github.com/owncast/owncast.git synced 2025-11-04 05:17:27 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
owncast/router/middleware/headers.go
Gabe Kangas dcac6783dd Remove extra newline
2022-05-16 11:43:57 -07:00

26 lines
860 B
Go
Raw Blame History

package middleware
import (
"fmt"
"net/http"
"os"
"strings"
)
// SetHeaders will set our global headers for web resources.
func SetHeaders(w http.ResponseWriter) {
// When running automated browser tests we must allow `unsafe-eval` in our CSP
// so we can explicitly add it only when needed.
inTest := os.Getenv("BROWSER_TEST") == "true"
unsafeEval := ""
if inTest {
unsafeEval = `'unsafe-eval'`
}
// Content security policy
csp := []string{
fmt.Sprintf("script-src 'self' %s 'sha256-B5bOgtE39ax4J6RqDE93TVYrJeLAdxDOJFtF3hoWYDw=' 'sha256-PzXGlTLvNFZ7et6GkP2nD3XuSaAKQVBSYiHzU2ZKm8o=' 'sha256-/wqazZOqIpFSIrNVseblbKCXrezG73X7CMqRSTf+8zw=' 'sha256-jCj2f+ICtd8fvdb0ngc+Hkr/ZnZOMvNkikno/XR6VZs='", unsafeEval),
"worker-src 'self' blob:", // No single quotes around blob:
}
w.Header().Set("Content-Security-Policy", strings.Join(csp, "; "))
}
Reference in New Issue View Git Blame Copy Permalink