Add: Security Headers

2024-08-28 02:30:38 +02:00
parent 12ea6767f8
commit 00ca11d2e6
2 changed files with 17 additions and 0 deletions
--- a/internal/middlewares/headers.go
+++ b/internal/middlewares/headers.go
@@ -0,0 +1,16 @@
+package middlewares
+
+import "github.com/gin-gonic/gin"
+
+func SecurityHeadersMiddleware() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		c.Header("X-Frame-Options", "DENY")
+		c.Header("X-Content-Type-Options", "nosniff")
+		c.Header("Referrer-Policy", "strict-origin-when-cross-origin")
+		c.Header("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
+		c.Header("X-XSS-Protection", "1; mode=block")
+		c.Header("Feature-Policy", "geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'")
+		c.Header("Permissions-Policy", "geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()")
+		c.Next()
+	}
+}