add X-Content-Type-Options: nosniff
This commit is contained in:
parent
42aab4dca1
commit
71d5f51ae6
2
csp.go
2
csp.go
|
@ -7,6 +7,7 @@ import (
|
||||||
const (
|
const (
|
||||||
cspHeader = "Content-Security-Policy"
|
cspHeader = "Content-Security-Policy"
|
||||||
frameOptionsHeader = "X-Frame-Options"
|
frameOptionsHeader = "X-Frame-Options"
|
||||||
|
contentTypeOptionsHeader = "X-Content-Type-Options"
|
||||||
)
|
)
|
||||||
|
|
||||||
type csp struct {
|
type csp struct {
|
||||||
|
@ -26,6 +27,7 @@ func (c csp) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||||
}
|
}
|
||||||
|
|
||||||
w.Header().Set(frameOptionsHeader, c.opts.frame)
|
w.Header().Set(frameOptionsHeader, c.opts.frame)
|
||||||
|
w.Header().Set(contentTypeOptionsHeader, "nosniff")
|
||||||
|
|
||||||
c.h.ServeHTTP(w, r)
|
c.h.ServeHTTP(w, r)
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,6 +11,7 @@ import (
|
||||||
var testCSPHeaders = map[string]string{
|
var testCSPHeaders = map[string]string{
|
||||||
"Content-Security-Policy": "default-src 'none'; style-src 'self';",
|
"Content-Security-Policy": "default-src 'none'; style-src 'self';",
|
||||||
"X-Frame-Options": "SAMEORIGIN",
|
"X-Frame-Options": "SAMEORIGIN",
|
||||||
|
"X-Content-Type-Options": "nosniff",
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestContentSecurityPolicy(t *testing.T) {
|
func TestContentSecurityPolicy(t *testing.T) {
|
||||||
|
|
Loading…
Reference in New Issue