mirror of
https://github.com/owncast/owncast.git
synced 2025-11-04 13:27:21 +08:00
18 lines
407 B
Go
18 lines
407 B
Go
package middleware
|
|
|
|
import (
|
|
"fmt"
|
|
"net/http"
|
|
"strings"
|
|
)
|
|
|
|
// SetHeaders will set our global headers for web resources.
|
|
func SetHeaders(w http.ResponseWriter, nonce string) {
|
|
// Content security policy
|
|
csp := []string{
|
|
fmt.Sprintf("script-src '%s' 'self'", nonce),
|
|
"worker-src 'self' blob:", // No single quotes around blob:
|
|
}
|
|
w.Header().Set("Content-Security-Policy", strings.Join(csp, "; "))
|
|
}
|