SCHISANDRA/schisandra-cloud-album
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update model

Browse Source
This commit is contained in:
landaiqing
2024-09-13 13:13:47 +08:00
parent cd1ce8f578
commit ef5d7daa10
17 changed files with 51 additions and 185 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
middleware/security_headers.go
View File

@@ -1,22 +1,18 @@
package middleware
import (
ginI18n "github.com/gin-contrib/i18n"
"github.com/gin-gonic/gin"
"schisandra-cloud-album/common/result"
"schisandra-cloud-album/global"
"strings"
)
func SecurityHeaders() gin.HandlerFunc {
return func(c *gin.Context) {
url := strings.TrimPrefix(global.CONFIG.System.Web, "https://")
requestHost := c.Request.Host
if requestHost != url {
result.FailWithMessage(ginI18n.MustGetMessage(c, "IllegalRequests"), c)
c.Abort()
return
}
//url := strings.TrimPrefix(global.CONFIG.System.Web, "https://")
//requestHost := c.Request.Host
//if requestHost != url {
// result.FailWithMessage(ginI18n.MustGetMessage(c, "IllegalRequests"), c)
// c.Abort()
// return
//}
c.Header("X-Frame-Options", "DENY")
c.Header("Content-Security-Policy", "default-src 'self'; connect-src *; font-src *; script-src-elem * 'unsafe-inline'; img-src * data:; style-src * 'unsafe-inline';")
c.Header("X-XSS-Protection", "1; mode=block")