fixed critical security issues

This commit is contained in:
Mazyar
2026-05-25 13:23:49 +03:30
parent 51defd9438
commit da2d50bd70
4 changed files with 34 additions and 14 deletions
+21
View File
@@ -108,6 +108,27 @@ func CSPMiddleware(config *CSPConfig) echo.MiddlewareFunc {
}
}
// CSPMiddlewareForPaths applies CSP middleware based on request path prefix.
// Requests matching no prefix proceed without a CSP header.
func CSPMiddlewareForPaths(adminPrefix string, adminConfig *CSPConfig, publicPrefix string, publicConfig *CSPConfig) echo.MiddlewareFunc {
adminMW := CSPMiddleware(adminConfig)
publicMW := CSPMiddleware(publicConfig)
return func(next echo.HandlerFunc) echo.HandlerFunc {
return func(c echo.Context) error {
path := c.Request().URL.Path
switch {
case strings.HasPrefix(path, adminPrefix):
return adminMW(next)(c)
case strings.HasPrefix(path, publicPrefix):
return publicMW(next)(c)
default:
return next(c)
}
}
}
}
// CSPReportHandler handles CSP violation reports
func CSPReportHandler(c echo.Context) error {
var report struct {