From 062e27538849a42373a499fb070717b29b64a5fe Mon Sep 17 00:00:00 2001 From: Brad Rydzewski Date: Sat, 9 Aug 2014 19:06:20 -0700 Subject: [PATCH] moved standard http headers --- server/handler/error.go | 6 ------ server/main.go | 7 +++++++ 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/server/handler/error.go b/server/handler/error.go index e29dc90e8..e07882e5d 100644 --- a/server/handler/error.go +++ b/server/handler/error.go @@ -28,12 +28,6 @@ type internalServerError struct{ error } // If the error is of another type, it is considered as an internal error and its message is logged. func errorHandler(f func(w http.ResponseWriter, r *http.Request) error) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - // standard header variables that should be set, for good measure. - w.Header().Add("Cache-Control", "no-cache, no-store, max-age=0, must-revalidate") - w.Header().Add("X-Frame-Options", "DENY") - w.Header().Add("X-Content-Type-Options", "nosniff") - w.Header().Add("X-XSS-Protection", "1; mode=block") - // serve the request err := f(w, r) if err == nil { diff --git a/server/main.go b/server/main.go index 5fe3d4d9f..05c5ee1da 100644 --- a/server/main.go +++ b/server/main.go @@ -122,11 +122,18 @@ func main() { strings.HasPrefix(r.URL.Path, "/scripts/"), strings.HasPrefix(r.URL.Path, "/styles/"), strings.HasPrefix(r.URL.Path, "/views/"): + // serve static conent fserver.ServeHTTP(w, r) case strings.HasPrefix(r.URL.Path, "/logout"), strings.HasPrefix(r.URL.Path, "/login/"), strings.HasPrefix(r.URL.Path, "/v1/"), strings.HasPrefix(r.URL.Path, "/ws/"): + // standard header variables that should be set, for good measure. + w.Header().Add("Cache-Control", "no-cache, no-store, max-age=0, must-revalidate") + w.Header().Add("X-Frame-Options", "DENY") + w.Header().Add("X-Content-Type-Options", "nosniff") + w.Header().Add("X-XSS-Protection", "1; mode=block") + // serve dynamic content router.ServeHTTP(w, r) default: w.Write(index)