about summary refs log tree commit diff
path: root/bskyweb/cmd
diff options
context:
space:
mode:
Diffstat (limited to 'bskyweb/cmd')
-rw-r--r--bskyweb/cmd/bskyweb/server.go9
1 files changed, 9 insertions, 0 deletions
diff --git a/bskyweb/cmd/bskyweb/server.go b/bskyweb/cmd/bskyweb/server.go
index 07804e7ce..5e934c6b0 100644
--- a/bskyweb/cmd/bskyweb/server.go
+++ b/bskyweb/cmd/bskyweb/server.go
@@ -73,6 +73,15 @@ func serve(cctx *cli.Context) error {
 
 	e := echo.New()
 	e.HideBanner = true
+	// SECURITY: Do not modify without due consideration.
+	e.Use(middleware.SecureWithConfig(middleware.SecureConfig{
+		ContentTypeNosniff: "nosniff",
+		XFrameOptions:      "SAMEORIGIN",
+		HSTSMaxAge:         31536000, // 365 days
+		// TODO:
+		// ContentSecurityPolicy
+		// XSSProtection
+	}))
 	e.Use(middleware.LoggerWithConfig(middleware.LoggerConfig{
 		// Don't log requests for static content.
 		Skipper: func(c echo.Context) bool {
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-10-11 22:50:02 +0000