From 912a0eb6d5cb835a26d6318e9d0f8052e88c87de Mon Sep 17 00:00:00 2001
From: RochoElLocho
Date: Sun, 12 Jan 2025 18:58:25 +0100
Subject: [PATCH] Sicherheits header aktualisiert
---
 main.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/main.go b/main.go
index d94d7cd..81e137c 100644
--- a/main.go
+++ b/main.go
@@ -44,7 +44,7 @@ func main() {
 func secureHeaders(next http.Handler) http.Handler {
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 // Setze die Sicherheitsheader
- w.Header().Set("Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self';")
+ w.Header().Set("Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self';")
 w.Header().Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains; preload")
 w.Header().Set("X-Content-Type-Options", "nosniff")
 w.Header().Set("X-Frame-Options", "DENY")
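Review bot: The new `Content-Security-Policy` value adds `'unsafe-eval'` to `script-src`, which together with the existing `'unsafe-inline'` leaves the policy with almost no protection against script injection, even though the commit is titled as a security-header update. If a dependency genuinely requires `eval`, a comment naming it should sit above the `Set` call; otherwise the directive should stay at `script-src 'self' 'unsafe-inline'` at most, ideally moving to nonces or hashes. `img-src 'self' data: https:` also permits image loads from any HTTPS origin, which gives injected markup an outbound channel, so listing only the hosts actually needed would be tighter. `base-uri` and `form-action` do not fall back to `default-src`, so appending `base-uri 'self'; form-action 'self'; frame-ancestors 'none'` would close those gaps. The body of `secureHeaders` continues past the end of the hunk.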