TRKJ/EdgeAdmin
2
0
Fork 0
mirror of https://github.com/TeaOSLab/EdgeAdmin.git synced 2025-11-12 11:20:27 +08:00
Code Issues Packages Projects Releases Wiki Activity

增加简单的安全设置

Browse Source
This commit is contained in:
GoEdgeLab
2020-11-20 18:06:54 +08:00
parent f8b6116c73
commit b764f470d9
9 changed files with 197 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
internal/web/helpers/user_must_auth.go
View File

@@ -3,6 +3,7 @@ package helpers
import (
teaconst "github.com/TeaOSLab/EdgeAdmin/internal/const"
nodes "github.com/TeaOSLab/EdgeAdmin/internal/rpc"
"github.com/TeaOSLab/EdgeAdmin/internal/securitymanager"
"github.com/TeaOSLab/EdgeAdmin/internal/setup"
"github.com/TeaOSLab/EdgeAdmin/internal/utils"
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
@@ -26,8 +27,11 @@ func (this *UserMustAuth) BeforeAction(actionPtr actions.ActionWrapper, paramNam
var action = actionPtr.Object()
// 安全相关
if !teaconst.EnabledFrame {
securityConfig, _ := securitymanager.LoadSecurityConfig()
if securityConfig == nil {
action.AddHeader("X-Frame-Options", "SAMEORIGIN")
} else if len(securityConfig.Frame) > 0 {
action.AddHeader("X-Frame-Options", securityConfig.Frame)
}
action.AddHeader("Content-Security-Policy", "default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'")