Add secure middleware, with sensible values

Deluan
2020-10-04 14:29:33 -04:00
committed by Deluan Quintão
parent 78c40ab6b4
commit cd171c40cb
4 changed files with 25 additions and 8 deletions
+20
@@ -8,6 +8,7 @@ import (
"github.com/deluan/navidrome/log"
"github.com/go-chi/chi/middleware"
"github.com/unrolled/secure"
)
func requestLogger(next http.Handler) http.Handler {
@@ -46,6 +47,14 @@ func requestLogger(next http.Handler) http.Handler {
})
}
func injectLogger(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
ctx := r.Context()
ctx = log.NewContext(r.Context(), "requestId", ctx.Value(middleware.RequestIDKey))
next.ServeHTTP(w, r.WithContext(ctx))
})
}
func robotsTXT(fs http.FileSystem) func(next http.Handler) http.Handler {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@@ -58,3 +67,14 @@ func robotsTXT(fs http.FileSystem) func(next http.Handler) http.Handler {
})
}
}
func secureMiddleware() func(h http.Handler) http.Handler {
sec := secure.New(secure.Options{
ContentTypeNosniff: true,
FrameDeny: true,
ReferrerPolicy: "same-origin",
FeaturePolicy: "autoplay 'none'; camera: 'none'; display-capture 'none'; microphone: 'none'; usb: 'none'",
ContentSecurityPolicy: "script-src 'self' 'unsafe-inline'",
})
return sec.Handler
}
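Review bot: The FeaturePolicy string in secureMiddleware mixes two syntaxes: `camera: 'none'`, `microphone: 'none'` and `usb: 'none'` put a colon after the feature name, which is not valid Feature-Policy grammar, so browsers will most likely ignore those three directives and leave the features unrestricted. Write them like the other two entries: `FeaturePolicy: "autoplay 'none'; camera 'none'; display-capture 'none'; microphone 'none'; usb 'none'",`. Separately, `script-src 'self' 'unsafe-inline'` still lets injected inline scripts run, and the policy sets no `default-src`, `object-src` or `base-uri`, so the CSP gives limited XSS protection as written. A comment such as `// 'unsafe-inline' is required by <reason>; replace with nonces/hashes when possible` would record why it is there. A small test asserting the emitted header values would catch this kind of typo.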