2026-05-16 15:23:17 +07:00
parent b8b6d86393
commit 7f88fc6b0f
+15 -3
@@ -125,7 +125,7 @@ func main() {
// Server gRPC-Gateway // Server gRPC-Gateway
gwServer := &http.Server{ gwServer := &http.Server{
Addr: config.GrpcGatewayPort, Addr: config.GrpcGatewayPort,
Handler: cors(gwmux), Handler: csp(cors(gwmux)),
} }
log.Printf("Serving %s for gRPC-Gateway\n", grpcGatewayHost) log.Printf("Serving %s for gRPC-Gateway\n", grpcGatewayHost)
go func() { go func() {
@@ -172,7 +172,6 @@ func cors(h http.Handler) http.Handler {
w.Header().Set("Access-Control-Allow-Origin", "*") w.Header().Set("Access-Control-Allow-Origin", "*")
w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, PATCH, DELETE") w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, PATCH, DELETE")
w.Header().Set("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, Authorization, ResponseType, X-Id, X-Password") w.Header().Set("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, Authorization, ResponseType, X-Id, X-Password")
w.Header().Set("Content-Security-Policy", "connect-src 'self' evening-detective.crabs-games.art evening-detective-admin.crabs-games.art;")
if r.Method == "OPTIONS" { if r.Method == "OPTIONS" {
return return
} }
@@ -180,6 +179,20 @@ func cors(h http.Handler) http.Handler {
}) })
} }
func csp(h http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Header().Set(
"Content-Security-Policy",
"default-src 'self'; "+
"connect-src 'self' https://evening-detective-api.crabs-games.art; "+
"script-src 'self'; "+
"style-src 'self'; "+
"img-src 'self' data:;",
)
h.ServeHTTP(w, r)
})
}
func loggingMiddleware(next http.Handler) http.Handler { func loggingMiddleware(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
start := time.Now() start := time.Now()
@@ -190,4 +203,3 @@ func loggingMiddleware(next http.Handler) http.Handler {
next.ServeHTTP(w, r) next.ServeHTTP(w, r)
}) })
} }
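Review bot: The policy built in csp() leaves out the directives that do not fall back to `default-src` (`frame-ancestors`, `base-uri` and `form-action`), so framing and form/base targets remain unrestricted for anything this handler serves; appending `"frame-ancestors 'none'; base-uri 'self'; form-action 'self';"` to the header value would cover them. Because csp() wraps the gRPC-Gateway mux, whose responses are presumably JSON rather than HTML, the fetch directives have little to govern here, and if no pages are served from this port `default-src 'none'; frame-ancestors 'none'` would be the tighter choice. A CSP on these responses also does not limit which origins may call the API: cors() still sends `Access-Control-Allow-Origin: *` while allowing the `Authorization`, `X-Id` and `X-Password` request headers, so any origin restriction would have to be made there. csp() would also benefit from a doc comment such as `// csp sets the Content-Security-Policy header on every response, then calls h.`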