From aed8f6f8565cbeda2e844d1a3886b1bd782fca91 Mon Sep 17 00:00:00 2001
From: RochoElLocho <d.rath@diefleckenbuehler.de>
Date: Sun, 12 Jan 2025 18:27:33 +0100
Subject: [PATCH] Sicherheits header gesetzt

---
 main.go | 33 ++++++++++++++++++++++++++-------
 1 file changed, 26 insertions(+), 7 deletions(-)

diff --git a/main.go b/main.go
index f234c5c..e3ad7e2 100644
--- a/main.go
+++ b/main.go
@@ -21,19 +21,38 @@ func main() {
 	}
 
 	// Set up routes
-	http.HandleFunc("/", handleRoot)
-	http.HandleFunc("/config", handleConfig)
-	http.HandleFunc("/popup", handlePopupInstructions)
-	http.HandleFunc("/search", handleSearch)
-	http.HandleFunc("/favicon.ico", handleFavicon)
+	mux := http.NewServeMux()
+	mux.HandleFunc("/", handleRoot)
+	mux.HandleFunc("/config", handleConfig)
+	mux.HandleFunc("/popup", handlePopupInstructions)
+	mux.HandleFunc("/search", handleSearch)
+	mux.HandleFunc("/favicon.ico", handleFavicon)
 
 	// Serve static files from 'public' directory
 	fs := http.FileServer(http.Dir("./public"))
-	http.Handle("/public/", http.StripPrefix("/public/", fs))
+	mux.Handle("/public/", http.StripPrefix("/public/", fs))
+
+	// Wende die Sicherheitsheader-Middleware auf alle Routen an
+	secureMux := secureHeaders(mux)
 
 	// Start the server
 	log.Printf("Server is running at http://0.0.0.0:%s\n", port)
-	log.Fatal(http.ListenAndServe("0.0.0.0:"+port, nil))
+	log.Fatal(http.ListenAndServe("0.0.0.0:"+port, secureMux))
+}
+
+// Middleware für Sicherheitsheader
+func secureHeaders(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		// Setze die Sicherheitsheader
+		w.Header().Set("Content-Security-Policy", "default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' data:;")
+		w.Header().Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains; preload")
+		w.Header().Set("X-Content-Type-Options", "nosniff")
+		w.Header().Set("X-Frame-Options", "DENY")
+		w.Header().Set("X-XSS-Protection", "1; mode=block")
+
+		// Führe den nächsten Handler aus
+		next.ServeHTTP(w, r)
+	})
 }
 
 func handleRoot(w http.ResponseWriter, r *http.Request) {