Added X-Content-Type-Options: nosniff to all responses

Ruben Anders 2019-06-21 15:37:07 +02:00 committed by GitHub
parent e3d5eaf327
commit 8237afb113
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -56,6 +56,13 @@ func (s *Server) Init() {
e.Use(middleware.RemoveTrailingSlashWithConfig(middleware.TrailingSlashConfig{
RedirectCode: http.StatusMovedPermanently,
}))
e.Use(middleware.SecureWithConfig(middleware.SecureConfig{
XSSProtection: "", // disabled
ContentTypeNosniff: "nosniff",
XFrameOptions: "", // disabled
HSTSMaxAge: 0, // disabled
ContentSecurityPolicy: "", // disabled
}))
e.Use(middleware.CORSWithConfig(DefaultCORSConfig))
e.GET("/", func(c echo.Context) error {
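Review bot: The 301 redirects issued by `RemoveTrailingSlashWithConfig` probably do not carry the new header, because `middleware.SecureWithConfig` is registered after it and, as far as I know, Echo's trailing-slash middleware returns the redirect without calling the next handler. Registering the Secure middleware before it in `Init` would make the behaviour match the commit title's "all responses". Separately, the `// disabled` comments on `XSSProtection`, `XFrameOptions`, `HSTSMaxAge` and `ContentSecurityPolicy` say what is switched off but not why. A line such as `// only nosniff is set here; framing, HSTS and CSP are handled by <component to be named>` would tell the next reader whether those protections live elsewhere or are simply absent. The body of `Init` starts and ends outside this hunk, so earlier middleware registrations are not visible here.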