path: root/internal/middleware/extraheaders.go
Age | Commit message | Author | Files
2023-08-20 | [feature/bugfix] Probe S3 storage for CSP uri, add config flag for extra URIs (#2134) | tobi | 1
* [feature/bugfix] Probe S3 storage for CSP uri, add config flag for extra URIs
* env parsing tests, my coy mistress
2023-08-14 | [fix] Update CSP header for blob images (upload preview) and dev livereload (#2109) (tag: v0.11.0-rc3) | f0x52 | 1
* update CSP header for blob images (upload preview) and dev livereload websocket
* update csp for s3, update csp tests
2023-08-12 | [bugfix] CSP policy fixes for S3/object storage (#2104) | Daenney | 1
* [bugfix] CSP policy fixes for S3 in non-proxied mode
* It should be img-src
* In both img-src and media-src we still need to include 'self'
2023-08-11 | [bugfix] Add s3 endpoint as image-src and media-src for CSP (#2103) (tag: v0.11.0-rc2) | tobi | 1
* [bugfix] Add s3 endpoint as image-src and media-src for CSP
* use https if secure
* reorder comment
2023-08-11 | [feature] Set Content-Security-Policy header (#2095) | Daenney | 1
This adds the CSP header with a policy of only loading from the same domain. We don't make use of external media, CSS, JS, fonts, so we don't ever need external data loaded in our context.
When building a DEBUG build, the policy gets extended to include localhost:*, i.e. localhost on any port. This keeps the live-reloading flow for JS development working. localhost and 127.0.0.1 are considered to be the same so mixing and matching those doesn't result in a CSP violation.
2023-03-12 | [chore] Improve copyright header handling (#1608) | Daenney | 1
* [chore] Remove years from all license headers
  Years or year ranges aren't required in license headers. Many projects have removed them in recent years and it avoids a bit of yearly toil. In many cases our copyright claim was also a bit dodgy since we added the 2021-2023 header to files created after 2021 but you can't claim copyright into the past that way.
* [chore] Add license header check
  This ensures a license header is always added to any new file. This avoids maintainers/reviewers needing to remember to check for and ask for it in case a contribution doesn't include it.
* [chore] Add missing license headers
* [chore] Further updates to license header
* Use the more common // indented comment format
* Remove the hack we had for the linter now that we use the // format
* Add SPDX license identifier
2023-01-05 | [chore] Update/add license headers for 2023 (#1304) | tobi | 1
2023-01-02 | [chore] The Big Middleware and API Refactor (tm) (#1250) | tobi | 1
* interim commit: start refactoring middlewares into package under router
* another interim commit, this is becoming a big job
* another fucking massive interim commit
* refactor bookmarks to new style
* ambassador, wiz zeze commits you are spoiling uz
* she compiles, we're getting there
* we're just normal men; we're just innocent men
* apiutil
* whoopsie
* i'm glad no one reads commit msgs haha :blob_sweat:
* use that weirdo go-bytesize library for maxMultipartMemory
* fix media module paths