Fix issues after security audit

Entire-Checkpoint: bc18358a9343
2026-06-04 18:33:30 +02:00
parent 58ead40112
commit 6f7e262f3f
7 changed files with 68 additions and 32 deletions


@@ -129,11 +129,19 @@ func (s *Server) init() error {
s.router.Use(middleware.Compress(5))
s.router.Use(middleware.Recoverer)
s.router.Use(cors.Handler(cors.Options{
AllowCredentials: true,
AllowCredentials: false,
AllowedHeaders: []string{"X-Requested-With", "Content-Type", "Authorization", "Origin"},
AllowedMethods: []string{"GET", "POST", "HEAD", "OPTIONS"},
AllowedOrigins: []string{"*"},
}))
s.router.Use(func(next http.Handler) http.Handler {
return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
if r.TLS != nil || r.Header.Get("X-Forwarded-Proto") == "https" {
rw.Header().Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
}
next.ServeHTTP(rw, r)
})
})
s.restAPIHandle = api.New()