othman.suseno/atlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add installer alpha version

Browse Source
This commit is contained in:
othman hendy suseno
2025-12-15 16:38:20 +07:00
parent 732e5aca11
commit b4ef76f0d0
23 changed files with 4279 additions and 136 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
internal/httpapp/security_middleware.go
View File

@@ -23,7 +23,9 @@ func (a *App) securityHeadersMiddleware(next http.Handler) http.Handler {
}
// Content Security Policy (CSP)
csp := "default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net; img-src 'self' data:; font-src 'self' https://cdn.jsdelivr.net; connect-src 'self';"
// Allow Tailwind CDN, unpkg (for htmx), and jsdelivr for external resources
// Note: Tailwind CDN needs connect-src to fetch config and make network requests
csp := "default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.tailwindcss.com https://unpkg.com https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://cdn.tailwindcss.com https://unpkg.com https://cdn.jsdelivr.net; img-src 'self' data:; font-src 'self' https://cdn.tailwindcss.com https://unpkg.com https://cdn.jsdelivr.net; connect-src 'self' https://cdn.tailwindcss.com https://unpkg.com https://cdn.jsdelivr.net;"
w.Header().Set("Content-Security-Policy", csp)
next.ServeHTTP(w, r)