mirror of
https://github.com/photoprism/photoprism.git
synced 2025-10-05 16:57:17 +08:00
37 lines
1.3 KiB
Go
37 lines
1.3 KiB
Go
package server
|
|
|
|
import (
|
|
"github.com/gin-gonic/gin"
|
|
|
|
"github.com/photoprism/photoprism/internal/api"
|
|
"github.com/photoprism/photoprism/internal/config"
|
|
"github.com/photoprism/photoprism/pkg/media/http/header"
|
|
)
|
|
|
|
// Security is a middleware that adds security-related headers to the server's response.
|
|
var Security = func(conf *config.Config) gin.HandlerFunc {
|
|
return func(c *gin.Context) {
|
|
// Only allow crawlers to index the site if it is a public demo (or if there is a public image wall):
|
|
// https://github.com/photoprism/photoprism/issues/669
|
|
if !conf.Demo() || !conf.Public() {
|
|
// Set "X-Robots-Tag" header:
|
|
// https://developers.google.com/search/docs/crawling-indexing/robots-meta-tag#xrobotstag
|
|
c.Header(header.RobotsTag, header.RobotsNone)
|
|
}
|
|
|
|
// Abort if the request must not be served through a CDN.
|
|
if header.AbortCdnRequest(c.Request) {
|
|
api.AbortNotFound(c)
|
|
return
|
|
}
|
|
|
|
// Set "Content-Security-Policy" header:
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
|
|
c.Header(header.ContentSecurityPolicy, header.DefaultContentSecurityPolicy)
|
|
|
|
// Set "X-Frame-Options" header:
|
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
|
|
c.Header(header.FrameOptions, header.DefaultFrameOptions)
|
|
}
|
|
}
|