fix(security): add HTTP security headers middleware
Set X-Frame-Options, X-Content-Type-Options, Referrer-Policy, CSP, and Strict-Transport-Security on all responses to mitigate clickjacking, MIME sniffing, XSS, and downgrade attacks. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
parent
7b568607a6
commit
5451ec3918
2 changed files with 13 additions and 1 deletions
3
main.go
3
main.go
|
|
@ -216,7 +216,8 @@ func main() {
|
|||
http.HandleFunc(fmt.Sprintf("%s/lost", *baseURL), lostPassword)
|
||||
|
||||
srv := &http.Server{
|
||||
Addr: *bind,
|
||||
Addr: *bind,
|
||||
Handler: securityHeaders(http.DefaultServeMux),
|
||||
}
|
||||
|
||||
// Serve content
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue