Diffstat (limited to 'internal/middleware/extraheaders.go')
-rw-r--r--internal/middleware/extraheaders.go11
1 files changed, 10 insertions, 1 deletions
diff --git a/internal/middleware/extraheaders.go b/internal/middleware/extraheaders.go
index 802051e34..f584633fe 100644
--- a/internal/middleware/extraheaders.go
+++ b/internal/middleware/extraheaders.go
@@ -17,10 +17,17 @@
package middleware
-import "github.com/gin-gonic/gin"
+import (
+ "codeberg.org/gruf/go-debug"
+ "github.com/gin-gonic/gin"
+)
// ExtraHeaders returns a new gin middleware which adds various extra headers to the response.
func ExtraHeaders() gin.HandlerFunc {
+ policy := "default-src 'self'"
+ if debug.DEBUG {
+ policy += " localhost:*"
+ }
return func(c *gin.Context) {
// Inform all callers which server implementation this is.
c.Header("Server", "gotosocial")
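Review bot: The policy built at `policy := "default-src 'self'"` leaves `frame-ancestors`, `base-uri` and `form-action` unset, and these three directives do not fall back to `default-src`, so framing by other origins, an injected `<base>` tag and form posts to other origins are not restricted by this header. Consider `policy := "default-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'"`, provided the web UI does not rely on being embedded elsewhere (not visible from this hunk). Once the policy has more than one directive, the debug branch `policy += " localhost:*"` would extend the last directive instead of `default-src`, so the localhost source should be appended before the other directives are joined on. The returned closure continues outside the hunk.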
@@ -32,5 +39,7 @@ func ExtraHeaders() gin.HandlerFunc {
//
// See: https://github.com/patcg-individual-drafts/topics
c.Header("Permissions-Policy", "browsing-topics=()")
+ // Inform the browser we only load CSS/JS/media from the same domain
+ c.Header("Content-Security-Policy", policy)
}
}
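Review bot: The comment above `c.Header("Content-Security-Policy", policy)` understates what the header does: `default-src 'self'` is the fallback for every fetch directive, so it also restricts fonts, frames and XHR/fetch connections, and it blocks inline scripts, inline styles and `eval`. A more accurate comment would be `// Restrict all resource loads (scripts, styles, media, fonts, XHR/fetch, frames) to this origin; inline script and style are blocked.` If media can be served from a different origin, for example an external storage bucket, those loads would be refused by the browser under this policy; whether that applies cannot be confirmed from the hunk.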