Commit 02e7c7e8 authored by Alexandre Iooss's avatar Alexandre Iooss Committed by Juliusz Chroboczek

Add Referrer-Policy and X-Content-Type-Options headers

parent df55c1e7
...@@ -103,6 +103,12 @@ func cspHeader(w http.ResponseWriter, connect string) { ...@@ -103,6 +103,12 @@ func cspHeader(w http.ResponseWriter, connect string) {
} }
w.Header().Add("Content-Security-Policy", w.Header().Add("Content-Security-Policy",
c+" img-src data: 'self'; media-src blob: 'self'; default-src 'self'") c+" img-src data: 'self'; media-src blob: 'self'; default-src 'self'")
// Make browser stop sending referrer information
w.Header().Add("Referrer-Policy", "no-referrer")
// Require correct MIME type to load CSS and JS
w.Header().Add("X-Content-Type-Options", "nosniff")
} }
func notFound(w http.ResponseWriter) { func notFound(w http.ResponseWriter) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment