MCPcopy Create free account
hub / github.com/devaccuracy/ledgerforge / SecurityHeaders

Function SecurityHeaders

api/middleware/middleware.go:167–187  ·  view source on GitHub ↗

SecurityHeaders sets security headers to the response. It sets the following headers: - X-Content-Type-Options: nosniff - X-Frame-Options: DENY - Referrer-Policy: strict-origin-when-cross-origin - Content-Security-Policy: default-src 'none'; frame-ancestors 'none' - Cache-Control: no-store - Strict-

()

Source from the content-addressed store, hash-verified

165// Returns:
166// - gin.HandlerFunc: A middleware function that sets security headers to the response.
167func SecurityHeaders() gin.HandlerFunc {
168 return func(c *gin.Context) {
169 c.Header("X-Content-Type-Options", "nosniff")
170 c.Header("X-Frame-Options", "DENY")
171 c.Header("Referrer-Policy", "strict-origin-when-cross-origin")
172 c.Header("Content-Security-Policy", "default-src 'none'; frame-ancestors 'none'")
173 c.Header("Cache-Control", "no-store")
174 isTLS := c.Request.TLS != nil
175 if !isTLS {
176 xfp := strings.ToLower(c.GetHeader("X-Forwarded-Proto"))
177 if xfp == "https" {
178 isTLS = true
179 }
180 }
181 if isTLS {
182 c.Header("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
183 }
184
185 c.Next()
186 }
187}

Callers 1

NewAPIFunction · 0.92

Calls

no outgoing calls

Tested by

no test coverage detected