From 955e2775d3a2b14a02a09dd333411731e065c6c4 Mon Sep 17 00:00:00 2001
From: Simon Rieger
Date: Fri, 8 Mar 2024 15:49:19 +0100
Subject: [PATCH] add CSP Header

---
 go/main.go | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/go/main.go b/go/main.go
index 23f26ba..7d15dd2 100644
--- a/go/main.go
+++ b/go/main.go
@@ -52,6 +52,9 @@ func homeHandler(w http.ResponseWriter, r *http.Request) {
 }
 
 func uploadHandler(w http.ResponseWriter, r *http.Request) {
+ // Setzen der Content Security Policy
+ w.Header().Set("Content-Security-Policy", "default-src 'self'; script-src 'self'; object-src 'none';")
+
 mu.Lock()
 defer mu.Unlock()
 
@@ -155,6 +158,9 @@ func uploadHandler(w http.ResponseWriter, r *http.Request) {
 }
 
 func imageHandler(w http.ResponseWriter, r *http.Request) {
+ // Setzen der Content Security Policy
+ w.Header().Set("Content-Security-Policy", "default-src 'self'; script-src 'self'; object-src 'none';")
+
 // Extrahieren des Bildnamens aus dem URL-Pfad
 imagePath := "./uploads/" + r.URL.Path[len("/image/"):]
 
@@ -175,6 +181,9 @@ func imageHandler(w http.ResponseWriter, r *http.Request) {
 }
 
 func viewHandler(w http.ResponseWriter, r *http.Request) {
+ // Setzen der Content Security Policy
+ w.Header().Set("Content-Security-Policy", "default-src 'self'; script-src 'self'; object-src 'none';")
+
 filePath := r.URL.Path[len("/view/"):]
 imagePath := "./uploads/" + filePath
 
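Review bot: The same policy literal is pasted into uploadHandler here and again into imageHandler and viewHandler in the next two hunks, while homeHandler (which closes just above this hunk) gets no header, and neither will any route added later. Setting it once in a wrapper around the mux keeps the policy in one place and covers every response; how the handlers are registered is outside the diff, so the wiring below is a sketch. The policy also leaves `base-uri`, `form-action` and `frame-ancestors` unset, and those directives do not fall back to `default-src`. Because this service returns user-uploaded files, `X-Content-Type-Options: nosniff` is worth sending alongside the CSP.

```go
// securityHeaders sets the response headers shared by every route.
func securityHeaders(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		h := w.Header()
		h.Set("Content-Security-Policy", "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'")
		h.Set("X-Content-Type-Options", "nosniff")
		next.ServeHTTP(w, r)
	})
}

// … unchanged: uploadHandler, imageHandler, viewHandler without the per-handler Set call …
```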
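Review bot: The path built right under the new header in imageHandler, `"./uploads/" + r.URL.Path[len("/image/"):]`, still joins the raw request path onto the upload directory, and viewHandler in the next hunk does the same with `filePath`. A CSP header does nothing to limit which file the server opens. The default `http.ServeMux` cleans `..` segments before dispatch, but that protection disappears if the handler is mounted behind another router or called directly, and the slice expression panics if the path is shorter than the prefix. Reducing the input to a single file name first would make the handler safe on its own, e.g. `name := filepath.Base(strings.TrimPrefix(r.URL.Path, "/image/"))` followed by `imagePath := filepath.Join("uploads", name)`. Both function bodies continue outside the hunks, so a check may already exist further down.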