add X-Content-Type-Options: nosniff
This commit is contained in:
parent
42aab4dca1
commit
71d5f51ae6
2
csp.go
2
csp.go
|
@ -7,6 +7,7 @@ import (
|
|||
const (
|
||||
cspHeader = "Content-Security-Policy"
|
||||
frameOptionsHeader = "X-Frame-Options"
|
||||
contentTypeOptionsHeader = "X-Content-Type-Options"
|
||||
)
|
||||
|
||||
type csp struct {
|
||||
|
@ -26,6 +27,7 @@ func (c csp) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
|
||||
w.Header().Set(frameOptionsHeader, c.opts.frame)
|
||||
w.Header().Set(contentTypeOptionsHeader, "nosniff")
|
||||
|
||||
c.h.ServeHTTP(w, r)
|
||||
}
|
||||
|
|
|
@ -11,6 +11,7 @@ import (
|
|||
var testCSPHeaders = map[string]string{
|
||||
"Content-Security-Policy": "default-src 'none'; style-src 'self';",
|
||||
"X-Frame-Options": "SAMEORIGIN",
|
||||
"X-Content-Type-Options": "nosniff",
|
||||
}
|
||||
|
||||
func TestContentSecurityPolicy(t *testing.T) {
|
||||
|
|
Loading…
Reference in New Issue