juanatsap
dab68f34f2
- Minimal, professional CV design with paper-on-gray layout - Bilingual support (Spanish/English) with HTMX language switching - JSON-based content management (cv-en.json, cv-es.json) - Print-optimized CSS for PDF export - Responsive design for all devices - Go backend with stdlib net/http - Clean, maintainable codebase Features: - 18+ years professional experience - SAP CDC expertise - Complete project history - Education, certifications, awards - Multi-language support Tech stack: Go, HTMX, vanilla CSS
31 lines
943 B
Go
31 lines
943 B
Go
package middleware
|
|
|
|
import "net/http"
|
|
|
|
// SecurityHeaders adds common security headers to responses
|
|
func SecurityHeaders(next http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
// Prevent clickjacking
|
|
w.Header().Set("X-Frame-Options", "SAMEORIGIN")
|
|
|
|
// Prevent MIME type sniffing
|
|
w.Header().Set("X-Content-Type-Options", "nosniff")
|
|
|
|
// XSS Protection (legacy but still useful)
|
|
w.Header().Set("X-XSS-Protection", "1; mode=block")
|
|
|
|
// Referrer policy
|
|
w.Header().Set("Referrer-Policy", "strict-origin-when-cross-origin")
|
|
|
|
// Content Security Policy (adjust as needed)
|
|
w.Header().Set("Content-Security-Policy",
|
|
"default-src 'self'; "+
|
|
"script-src 'self' 'unsafe-inline' https://unpkg.com; "+
|
|
"style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; "+
|
|
"font-src 'self' https://fonts.gstatic.com; "+
|
|
"connect-src 'self'")
|
|
|
|
next.ServeHTTP(w, r)
|
|
})
|
|
}
|