gotosocial/internal/middleware
Daenney 3aedd937c3
[feature] Set Content-Security-Policy header (#2095)
This adds the CSP header with a policy of only loading from the same
domain. We don't make use of external media, CSS, JS, fonts, so we don't
ever need external data loaded in our context.

When building a DEBUG build, the policy gets extended to include
localhost:*, i.e localhost on any port. This keeps the live-reloading
flow for JS development working. localhost and 127.0.0.1 are considered
to be the same so mixing and matching those doesn't result in a CSP
violation.
2023-08-11 13:20:56 +02:00
..
cachecontrol.go [bugfix] Set Vary header correctly on cache-control (#1988) 2023-07-13 21:27:25 +02:00
cors.go [chore] Replace pinafore with semaphore (#1801) 2023-05-21 22:40:43 +02:00
extraheaders.go [feature] Set Content-Security-Policy header (#2095) 2023-08-11 13:20:56 +02:00
gzip.go [chore] Improve copyright header handling (#1608) 2023-03-12 16:00:57 +01:00
logger.go [bugfix] Overwrite API client closed errors with 499 - Client Closed Request (#1857) 2023-06-02 15:19:43 +02:00
ratelimit.go [chore] Improve copyright header handling (#1608) 2023-03-12 16:00:57 +01:00
requestid.go feat: initial tracing support (#1623) 2023-05-09 18:19:48 +01:00
session.go [chore] Improve copyright header handling (#1608) 2023-03-12 16:00:57 +01:00
session_test.go [chore] Improve copyright header handling (#1608) 2023-03-12 16:00:57 +01:00
signaturecheck.go [performance] retry db queries on busy errors (#2025) 2023-07-25 10:34:05 +02:00
throttling.go [chore] Improve copyright header handling (#1608) 2023-03-12 16:00:57 +01:00
tokencheck.go [performance] remove last of relational queries to instead rely on caches (#2091) 2023-08-10 15:08:41 +01:00
useragent.go [chore] Improve copyright header handling (#1608) 2023-03-12 16:00:57 +01:00