45 lines
1.0 KiB
Go
45 lines
1.0 KiB
Go
package middlewares
|
|
|
|
import (
|
|
"GoMembership/internal/config"
|
|
"GoMembership/pkg/logger"
|
|
"net/http"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
)
|
|
|
|
func CSPMiddleware() gin.HandlerFunc {
|
|
logger.Error.Printf("applying CSP")
|
|
return func(c *gin.Context) {
|
|
policy := "default-src 'self'; " +
|
|
"script-src 'self' 'unsafe-inline'" +
|
|
"style-src 'self' 'unsafe-inline'" +
|
|
"img-src 'self'" +
|
|
"font-src 'self'" +
|
|
"connect-src 'self'; " +
|
|
"frame-ancestors 'none'; " +
|
|
"form-action 'self'; " +
|
|
"base-uri 'self'; " +
|
|
"upgrade-insecure-requests;"
|
|
|
|
if config.Env == "development" {
|
|
policy += " report-uri /csp-report;"
|
|
c.Header("Content-Security-Policy-Report-Only", policy)
|
|
} else {
|
|
c.Header("Content-Security-Policy", policy)
|
|
}
|
|
c.Next()
|
|
}
|
|
}
|
|
|
|
func CSPReportHandling(c *gin.Context) {
|
|
var report map[string]interface{}
|
|
if err := c.BindJSON(&report); err != nil {
|
|
|
|
logger.Error.Printf("Couldn't Bind JSON: %#v", err)
|
|
return
|
|
}
|
|
logger.Info.Printf("CSP Violation: %+v", report)
|
|
c.Status(http.StatusNoContent)
|
|
}
|