handlers: add func addHeaders

2023-05-11 23:50:40 +02:00 · 2023-05-11 23:50:40 +02:00 · b77c2fe941
commit b77c2fe941
parent 13b9c3bdb4
6 changed files with 20 additions and 0 deletions
--- a/handlers/error.go
+++ b/handlers/error.go
@ -8,6 +8,8 @@ import (
 )

 func renderErrorPage(c echo.Context, status int, statusText, error string) error {
+	addHeaders(c)
+
 	strStatus := strconv.Itoa(status)

 	return c.Render(
--- a/handlers/handlers.go
+++ b/handlers/handlers.go
@ -22,6 +22,8 @@ func Index() echo.HandlerFunc {
 			return c.Redirect(http.StatusFound, "/home")
 		}

+		addHeaders(c)
+
 		csrf := c.Get("csrf").(string)

 		err := c.Render(
@ -50,6 +52,10 @@ func Index() echo.HandlerFunc {
 	}
 }

+func addHeaders(c echo.Context) {
+	c.Response().Writer.Header().Set("Cross-Origin-Opener-Policy", "same-origin")
+}
+
 // experimental global redirect handler?
 // http.HandleFunc("/redirect", func(w http.ResponseWriter, r *http.Request) {
 // loc, err := url.QueryUnescape(r.URL.Query().Get("loc"))
--- a/handlers/home.go
+++ b/handlers/home.go
@ -14,6 +14,8 @@ func Home(client *ent.Client) echo.HandlerFunc {
 	return func(c echo.Context) error {
 		var username string

+		addHeaders(c)
+
 		sess, _ := session.Get(setting.SessionCookieName(), c)
 		if sess == nil {
 			log.Info("no session, redirecting to /signin", "endpoint", "/home")
--- a/handlers/logout.go
+++ b/handlers/logout.go
@ -9,6 +9,8 @@ import (

 func Logout() echo.HandlerFunc {
 	return func(c echo.Context) error {
+		addHeaders(c)
+
 		switch {
 		case c.Request().Method == "POST":
 			sess, _ := session.Get(setting.SessionCookieName(), c)
--- a/handlers/signin.go
+++ b/handlers/signin.go
@ -15,6 +15,8 @@ import (

 func Signin() echo.HandlerFunc {
 	return func(c echo.Context) error {
+		addHeaders(c)
+
 		sess, _ := session.Get(setting.SessionCookieName(), c)

 		username := sess.Values["username"]
@ -38,6 +40,8 @@ func Signin() echo.HandlerFunc {

 func SigninPost(client *ent.Client) echo.HandlerFunc {
 	return func(c echo.Context) error {
+		addHeaders(c)
+
 		err := c.Request().ParseForm()
 		if err != nil {
 			return err
--- a/handlers/signup.go
+++ b/handlers/signup.go
@ -14,6 +14,8 @@ import (

 func Signup() echo.HandlerFunc {
 	return func(c echo.Context) error {
+		addHeaders(c)
+
 		sess, _ := session.Get(setting.SessionCookieName(), c)
 		if sess != nil {
 			log.Info("gorilla session", "endpoint", "signup")
@ -69,6 +71,8 @@ func Signup() echo.HandlerFunc {

 func SignupPost(client *ent.Client) echo.HandlerFunc {
 	return func(c echo.Context) error {
+		addHeaders(c)
+
 		err := c.Request().ParseForm()
 		if err != nil {
 			return err