mirror of
https://github.com/superseriousbusiness/gotosocial.git
synced 2024-12-25 00:08:55 +01:00
3aedd937c3
This adds the CSP header with a policy of only loading from the same domain. We don't make use of external media, CSS, JS, fonts, so we don't ever need external data loaded in our context. When building a DEBUG build, the policy gets extended to include localhost:*, i.e localhost on any port. This keeps the live-reloading flow for JS development working. localhost and 127.0.0.1 are considered to be the same so mixing and matching those doesn't result in a CSP violation. |
||
---|---|---|
.. | ||
cachecontrol.go | ||
cors.go | ||
extraheaders.go | ||
gzip.go | ||
logger.go | ||
ratelimit.go | ||
requestid.go | ||
session_test.go | ||
session.go | ||
signaturecheck.go | ||
throttling.go | ||
tokencheck.go | ||
useragent.go |