startup-starter/skybridge
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sso

Browse Source
This commit is contained in:
Ryan Copley
2025-08-26 19:15:37 -04:00
parent 7ca61eb712
commit 86900b0bd4
16 changed files with 2099 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
internal/middleware/middleware.go
View File

@ -59,7 +59,10 @@ func Security() gin.HandlerFunc {
c.Header("X-Content-Type-Options", "nosniff")
c.Header("X-XSS-Protection", "1; mode=block")
c.Header("Referrer-Policy", "strict-origin-when-cross-origin")
c.Header("Content-Security-Policy", "default-src 'self'")
// Set Content Security Policy - more permissive for test pages in development
csp := "default-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'"
c.Header("Content-Security-Policy", csp)
c.Header("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
c.Next()