A301/a301_server
2
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
333cfa7911c09f2c1ec897e12b600120628c5b5e
a301_server/pkg/middleware/security.go
tolelom 333cfa7911
All checks were successful
Server CI/CD / lint-and-build (push) Successful in 12s
Details
Server CI/CD / deploy (push) Successful in 53s
Details
fix: Swagger CSP에 validator.swagger.io 이미지 허용 추가 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-17 09:23:27 +09:00

25 lines
870 B
Go
Raw Blame History

package middleware
import (
"strings"
"github.com/gofiber/fiber/v2"
)
// SecurityHeaders sets common HTTP security headers on every response.
func SecurityHeaders(c *fiber.Ctx) error {
c.Set("X-Content-Type-Options", "nosniff")
c.Set("X-Frame-Options", "DENY")
c.Set("X-XSS-Protection", "0")
c.Set("Referrer-Policy", "strict-origin-when-cross-origin")
if strings.HasPrefix(c.Path(), "/swagger") {
c.Set("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https://validator.swagger.io; script-src 'self' 'unsafe-inline'; frame-ancestors 'none'")
} else {
c.Set("Content-Security-Policy", "default-src 'none'; frame-ancestors 'none'")
}
c.Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
return c.Next()
}
Reference in New Issue View Git Blame Copy Permalink