fixed critical security issues
This commit is contained in:
@@ -108,6 +108,27 @@ func CSPMiddleware(config *CSPConfig) echo.MiddlewareFunc {
|
||||
}
|
||||
}
|
||||
|
||||
// CSPMiddlewareForPaths applies CSP middleware based on request path prefix.
|
||||
// Requests matching no prefix proceed without a CSP header.
|
||||
func CSPMiddlewareForPaths(adminPrefix string, adminConfig *CSPConfig, publicPrefix string, publicConfig *CSPConfig) echo.MiddlewareFunc {
|
||||
adminMW := CSPMiddleware(adminConfig)
|
||||
publicMW := CSPMiddleware(publicConfig)
|
||||
|
||||
return func(next echo.HandlerFunc) echo.HandlerFunc {
|
||||
return func(c echo.Context) error {
|
||||
path := c.Request().URL.Path
|
||||
switch {
|
||||
case strings.HasPrefix(path, adminPrefix):
|
||||
return adminMW(next)(c)
|
||||
case strings.HasPrefix(path, publicPrefix):
|
||||
return publicMW(next)(c)
|
||||
default:
|
||||
return next(c)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// CSPReportHandler handles CSP violation reports
|
||||
func CSPReportHandler(c echo.Context) error {
|
||||
var report struct {
|
||||
|
||||
Reference in New Issue
Block a user