MCPcopy Index your code
hub / github.com/tailscale/tailscale / debugBrowserHeaderHandler

Function debugBrowserHeaderHandler

tsweb/debug.go:184–193  ·  view source on GitHub ↗

debugBrowserHeaderHandler is a wrapper around BrowserHeaderHandler with a more relaxed Content-Security-Policy that's acceptable for internal debug pages. It should not be used on any public-facing handlers!

(h http.Handler)

Source from the content-addressed store, hash-verified

182// more relaxed Content-Security-Policy that's acceptable for internal debug
183// pages. It should not be used on any public-facing handlers!
184func debugBrowserHeaderHandler(h http.Handler) http.Handler {
185 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
186 AddBrowserHeaders(w)
187 // The only difference from AddBrowserHeaders is that this policy
188 // allows inline CSS styles. They make debug pages much easier to
189 // prototype, while the risk of user-injected CSS is relatively low.
190 w.Header().Set("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'; form-action 'self'; base-uri 'self'; block-all-mixed-content; object-src 'none'; style-src 'self' 'unsafe-inline'")
191 h.ServeHTTP(w, r)
192 })
193}

Callers 1

handleMethod · 0.85

Calls 4

AddBrowserHeadersFunction · 0.85
SetMethod · 0.65
HeaderMethod · 0.45
ServeHTTPMethod · 0.45

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…