clemo/kubeviz
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

CSP-Flag
All checks were successful
Deploy KubeViz / deploy (push) Successful in 12s
Details

Browse Source
This commit is contained in:
Clemens Hering
2026-03-01 11:45:20 +01:00
parent 58a10625c3
commit aafc95a551
6 changed files with 13 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
internal/httpserver/server.go
View File

@@ -74,7 +74,9 @@ func (s *Server) middleware(next http.Handler) http.Handler {
w.Header().Set("X-Content-Type-Options", "nosniff")
w.Header().Set("Referrer-Policy", "same-origin")
w.Header().Set("Content-Security-Policy", "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self';")
if s.cfg.AppCSPEnabled {
w.Header().Set("Content-Security-Policy", "default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; script-src 'self'; script-src-elem 'self'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; connect-src 'self'; worker-src 'self' blob:;")
}
if r.TLS != nil || strings.EqualFold(r.Header.Get("X-Forwarded-Proto"), "https") {
w.Header().Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
}