| 46 | } |
| 47 | |
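// setSecurityHeaders writes the module's fixed browser-hardening headers and
// its CORS headers onto the response headers of w.
//
// Every header is written with Set rather than Add. Set replaces any value
// already present under that name, so calling this more than once for the same
// response, or after other code has written one of these headers, cannot leave
// duplicated or conflicting values for a browser to interpret.
func (mod *RestAPI) setSecurityHeaders(w http.ResponseWriter) {
	h := w.Header()

	// Browser hardening: forbid framing, disable MIME sniffing, and limit the
	// Referer header to same-origin requests.
	h.Set("X-Frame-Options", "DENY")
	h.Set("X-Content-Type-Options", "nosniff")
	// NOTE(review): X-XSS-Protection is a legacy header that current browsers
	// no longer act on; the value is kept as-is here. A Content-Security-Policy
	// is the usual replacement, and this function does not set one.
	h.Set("X-XSS-Protection", "1; mode=block")
	h.Set("Referrer-Policy", "same-origin")

	// CORS: the allowed origin is emitted verbatim from mod.allowOrigin.
	// NOTE(review): Authorization is among the allowed request headers, so
	// confirm that allowOrigin is configured as a specific trusted origin
	// rather than a wildcard.
	h.Set("Access-Control-Allow-Origin", mod.allowOrigin)
	h.Set("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
	h.Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE")
}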
| 58 | |
| 59 | func (mod *RestAPI) checkAuth(r *http.Request) bool { |
| 60 | if mod.username != "" && mod.password != "" { |