mirror of https://github.com/portainer/portainer.git synced 2025-07-23 15:29:42 +02:00

feat(csp): enable CSP by default BE-11961 (#872)

andres-portainer 2025-07-09 16:15:43 -03:00 committed by GitHub
parent 4d11aa8655
commit ea4b334c7e
8 changed files with 56 additions and 5 deletions


@ -17,12 +17,12 @@ type Handler struct {
}
// NewHandler creates a handler to serve static files.
func NewHandler(assetPublicPath string, wasInstanceDisabled func() bool) *Handler {
func NewHandler(assetPublicPath string, csp bool, wasInstanceDisabled func() bool) *Handler {
h := &Handler{
Handler: security.MWSecureHeaders(
gzhttp.GzipHandler(http.FileServer(http.Dir(assetPublicPath))),
featureflags.IsEnabled("hsts"),
featureflags.IsEnabled("csp"),
csp,
),
wasInstanceDisabled: wasInstanceDisabled,
}
@ -36,6 +36,7 @@ func isHTML(acceptContent []string) bool {
return true
}
}
return false
}
@ -43,11 +44,13 @@ func (handler *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
if handler.wasInstanceDisabled() {
if r.RequestURI == "/" || r.RequestURI == "/index.html" {
http.Redirect(w, r, "/timeout.html", http.StatusTemporaryRedirect)
return
}
} else {
if strings.HasPrefix(r.RequestURI, "/timeout.html") {
http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
return
}
}
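Review bot: The doc comment on NewHandler in the first hunk still says only that it "creates a handler to serve static files" and does not describe the new `csp` parameter, which replaces the `featureflags.IsEnabled("csp")` lookup as the third argument to `security.MWSecureHeaders`. Judging by the commit title, a caller passing `false` switches the Content-Security-Policy protection off for everything this handler serves, so I would add `// csp is forwarded to security.MWSecureHeaders and presumably controls the Content-Security-Policy header; pass the configured setting, not a literal.` HSTS is still read from the feature flag on the line above while CSP is now caller-supplied, so the two adjacent bool arguments come from different sources and are easy to transpose; a named local such as `hsts := featureflags.IsEnabled("hsts")` would make the call self-describing. NewHandler's body continues past the end of that hunk, and the other two hunks in this section appear to be whitespace-only.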