Added a Content Security Policy for upgrading insecure images to HTTPS to avoid mixed content warnings.

2018-08-30 15:57:07 +10:00 · 2018-08-30 15:57:07 +10:00 · 41c3a5bb4a
parent 465d5c7835
commit 41c3a5bb4a
1 changed files with 4 additions and 0 deletions
--- a/common/routes_common.go
+++ b/common/routes_common.go
@ -278,6 +278,10 @@ func preRoute(w http.ResponseWriter, r *http.Request) (User, bool) {
 		}
 	}

+	// TODO: Add a config setting to disable this header
+	// TODO: Have this header cover more things
+	w.Header().Set("Content-Security-Policy", "upgrade-insecure-requests")
+
 	if user == &GuestUser {
 		usercpy.LastIP = host
 		return *usercpy, true