
add X-Content-Type-Options: nosniff

pull/36/head
mutantmonkey 9 years ago
parent
commit
71d5f51ae6
  1. 2
      csp.go
  2. 1
      csp_test.go

2
csp.go

@ -7,6 +7,7 @@ import (
const (
cspHeader = "Content-Security-Policy"
frameOptionsHeader = "X-Frame-Options"
contentTypeOptionsHeader = "X-Content-Type-Options"
)
type csp struct {
@ -26,6 +27,7 @@ func (c csp) ServeHTTP(w http.ResponseWriter, r *http.Request) {
}
w.Header().Set(frameOptionsHeader, c.opts.frame)
w.Header().Set(contentTypeOptionsHeader, "nosniff")
c.h.ServeHTTP(w, r)
}
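Review bot: The `nosniff` header added in `ServeHTTP` is written before `c.h.ServeHTTP(w, r)` runs, so the wrapped handler can still replace or delete it, and it only prevents MIME sniffing when that handler also sends an accurate `Content-Type`. Neither expectation is stated anywhere in the hunk. I would add a comment above the new line, for example `// nosniff makes browsers honour the declared Content-Type; wrapped handlers must set it accurately and may override this default`. The value is also a bare literal while the frame value comes from `c.opts`; if that is intentional (nosniff is the only value the header defines), the comment can say so. The body of `ServeHTTP` starts outside the hunk, so the earlier CSP branch is not visible here.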

1
csp_test.go

@ -11,6 +11,7 @@ import (
var testCSPHeaders = map[string]string{
"Content-Security-Policy": "default-src 'none'; style-src 'self';",
"X-Frame-Options": "SAMEORIGIN",
"X-Content-Type-Options": "nosniff",
}
func TestContentSecurityPolicy(t *testing.T) {
