mirrors/navidrome
1
0
Fork 0
mirror of https://github.com/navidrome/navidrome.git synced 2025-04-04 21:17:37 +03:00
Code Issues Projects Releases Packages Wiki Activity

Add HTTPSecurityHeaders.CustomFrameOptionsValue option.

Browse source 
Requested in https://github.com/navidrome/navidrome/issues/248#issuecomment-1783768985
This commit is contained in:
Deluan 2024-05-02 12:12:19 -04:00
parent 7c5eec715d
commit aef49cb8d6
2 changed files with 12 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

9
server/middlewares.go
View file

@ -98,10 +98,11 @@ func corsHandler() func(http.Handler) http.Handler {
func secureMiddleware() func(http.Handler) http.Handler {
sec := secure.New(secure.Options{
ContentTypeNosniff: true,
FrameDeny: true,
ReferrerPolicy: "same-origin",
PermissionsPolicy: "autoplay=(), camera=(), microphone=(), usb=()",
ContentTypeNosniff: true,
FrameDeny: true,
ReferrerPolicy: "same-origin",
PermissionsPolicy: "autoplay=(), camera=(), microphone=(), usb=()",
CustomFrameOptionsValue: conf.Server.HTTPSecurityHeaders.CustomFrameOptionsValue,
//ContentSecurityPolicy: "script-src 'self' 'unsafe-inline'",
})
return sec.Handler