ai cooking


Merge pull request #218 from paulgmiller/pmiller/csp

magic headers for csp

authored by

Paul Miller and committed by
GitHub
288defd9 d838f8ab

+7
+3
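--- a/internal/locations/locations.go
+++ b/internal/locations/locations.go
@@ -16,6 +16,8 @@
 "sync"
 )
 
+const htmxPageCSP = "default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'"
+
 type krogerClient interface {
 LocationListWithResponse(ctx context.Context, params *kroger.LocationListParams, reqEditors ...kroger.RequestEditorFn) (*kroger.LocationListResponse, error)
 // LocationDetailsWithResponse request
@@ -158,6 +160,7 @@
 if currentUser != nil {
 favoriteStore = currentUser.FavoriteStore
 }
+w.Header().Set("Content-Security-Policy", htmxPageCSP)
 if err := l.renderLocationsPage(w, ctx, zip, favoriteStore, currentUser != nil); err != nil {
 slog.ErrorContext(ctx, "failed to render locations page", "zip", zip, "error", err)
 http.Error(w, "template error", http.StatusInternalServerError)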
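Review bot: `htmxPageCSP` relaxes the policy with `'unsafe-eval'` in `script-src` and `'unsafe-inline'` in `style-src`, and nothing at the constant says which htmx feature or template needs either one. A short comment naming that dependency would help, since `'unsafe-eval'` removes much of the XSS protection the header is meant to add. If the templates (not visible here) use no eval-based htmx features, setting `htmx.config.allowEval = false` and dropping the keyword is the tighter option. The policy also omits `form-action` and `frame-ancestors`, which do not fall back to `default-src`; consider ending the string with `; form-action 'self'; frame-ancestors 'self'"` if these pages are not meant to be framed or to post cross-origin. The handler that sets the header starts and ends outside the second hunk.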
+4
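--- a/internal/recipes/server.go
+++ b/internal/recipes/server.go
@@ -26,6 +26,8 @@
 "github.com/samber/lo"
 )
 
+const htmxPageCSP = "default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'"
+
 type locServer interface {
 GetLocationByID(ctx context.Context, locationID string) (*locations.Location, error)
 }
@@ -72,12 +74,14 @@
 
 func (s *server) handleSingle(w http.ResponseWriter, r *http.Request) {
 ctx := r.Context()
+
 hash := r.PathValue("hash")
 if hash == "" {
 http.Error(w, "missing recipe hash", http.StatusBadRequest)
 return
 }
 
+w.Header().Set("Content-Security-Policy", htmxPageCSP)
 recipe, err := s.SingleFromCache(ctx, hash)
 if err != nil {
 http.Error(w, "recipe not found", http.StatusNotFound)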
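Review bot: The `htmxPageCSP` constant here is a byte-for-byte second copy of the one added in internal/locations/locations.go, so a later tightening of one policy can silently leave the other page on the old string. This package already refers to `locations.Location`, so a single exported constant there (for example `locations.HTMXPageCSP`) or a small shared middleware that sets the header would keep one source of truth. Setting the header inside `handleSingle` also means any other HTML-rendering handler in this package, none of which are visible in the hunk, is served without a policy unless it repeats the call. `handleSingle` continues past the end of the hunk.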