TRKJ/EdgeAdmin
2
0
Fork 0
mirror of https://github.com/TeaOSLab/EdgeAdmin.git synced 2025-11-17 22:30:25 +08:00
Code Issues Packages Projects Releases Wiki Activity

增强安全性

Browse Source
This commit is contained in:
GoEdgeLab
2020-11-10 12:47:24 +08:00
parent 8e664f33db
commit 26066daad7
118 changed files with 164 additions and 133 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
internal/web/helpers/user_must_auth.go
View File

@@ -24,6 +24,12 @@ func NewUserMustAuth() *UserMustAuth {
func (this *UserMustAuth) BeforeAction(actionPtr actions.ActionWrapper, paramName string) (goNext bool) {
var action = actionPtr.Object()
// 安全相关
if !teaconst.EnabledFrame {
action.AddHeader("X-Frame-Options", "SAMEORIGIN")
}
action.AddHeader("Content-Security-Policy", "default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'")
// 检查系统是否已经配置过
if !setup.IsConfigured() {
action.RedirectURL("/setup")