Commit ff183323 authored by Leonard Techel's avatar Leonard Techel

Enable some browser security features using HTTP headers

parent 81e0d78d
......@@ -36,6 +36,10 @@ func CreateUCP(cfg UCPConfig) (ucp *UCP) {
m.Use(session.Sessioner())
m.Use(csrf.Csrfer())
m.Use(func(ctx *macaron.Context, x csrf.CSRF) {
ctx.Resp.Header().Add("X-Frame-Options", "DENY")
ctx.Resp.Header().Add("X-Content-Type-Options", "nosniff")
ctx.Resp.Header().Add("X-XSS-Protection", "1; mode=block")
ctx.Data["csrf_token"] = x.GetToken()
})
m.Use(func(ctx *macaron.Context) {
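Review bot: The three security headers are written with `Header().Add`, which appends, so a response can carry a duplicated header if another middleware or a fronting proxy sets the same one; `ctx.Resp.Header().Set("X-Frame-Options", "DENY")` (and likewise for the other two) keeps a single value. They also sit inside the handler that injects `csrf.CSRF`, registered after `session.Sessioner()` and `csrf.Csrfer()`, so a response written before this handler runs would presumably go out without them; a dedicated `m.Use(func(ctx *macaron.Context) { ... })` registered first would cover every response. `X-XSS-Protection: 1; mode=block` addresses a browser XSS filter that current browsers no longer ship, so a `Content-Security-Policy` header (including `frame-ancestors 'none'` alongside `X-Frame-Options`) is the control worth adding. `CreateUCP` starts before and continues after this hunk, so the full middleware order is not visible here.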
......