Fijxu/justlog
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request #25 from RAnders00/patch-1

Browse source 
Added X-Content-Type-Options: nosniff to all responses
This commit is contained in:
Daniel Pasch 2019-07-13 13:03:19 +02:00 committed by GitHub
commit 7fce808b04
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
api/server.go
View file

@ -56,6 +56,13 @@ func (s *Server) Init() {
e.Use(middleware.RemoveTrailingSlashWithConfig(middleware.TrailingSlashConfig{ e.Use(middleware.RemoveTrailingSlashWithConfig(middleware.TrailingSlashConfig{
RedirectCode: http.StatusMovedPermanently, RedirectCode: http.StatusMovedPermanently,
})) }))
e.Use(middleware.SecureWithConfig(middleware.SecureConfig{
XSSProtection: "", // disabled
ContentTypeNosniff: "nosniff",
XFrameOptions: "", // disabled
HSTSMaxAge: 0, // disabled
ContentSecurityPolicy: "", // disabled
}))
e.Use(middleware.CORSWithConfig(DefaultCORSConfig)) e.Use(middleware.CORSWithConfig(DefaultCORSConfig))
e.GET("/", func(c echo.Context) error { e.GET("/", func(c echo.Context) error {