GoToSocial/middleware at 8a2fb48ef4d0acab54356d9de360f67fa48118e7 - GoToSocial - Gitea

SuperSeriousBusiness/GoToSocial

mirror of https://github.com/superseriousbusiness/gotosocial synced 2025-02-01 09:57:26 +01:00

History

Daenney 02d6e2e3bc

[feature] Set some security related headers (#3065 )

* Set frame-ancestors in the CSP
   This ensures we can't be loaded/embedded in an iframe. It also sets the
   older X-Frame-Options for fallback.
* Disable MIME type sniffing
* Set Referrer-Policy
   This sets the policy such that browsers will never send the Referer
   header along with a request, unless it's a request to the same protocol,
   host/domain and port. Basically, only send it when navigating through
   our own UI, but not anything external.

   The default is strict-origin-when-cross-origin when unset, which sends
   the Referer header for requests unless it's going from HTTPS to HTTP
   (i.e a security downgrade, hence the 'strict').

2024-07-04 10:07:02 +02:00

..

cachecontrol.go

[bugfix] Set Vary header correctly on cache-control (#1988 )

2023-07-13 21:27:25 +02:00

contentsecuritypolicy_test.go

[feature] Add rate limit exceptions option, use ISO8601 for rate limit reset (#2151 )

2023-08-23 14:32:27 +02:00

contentsecuritypolicy.go

[feature] Set some security related headers (#3065 )

2024-07-04 10:07:02 +02:00

cors.go

[chore] Replace pinafore with semaphore (#1801 )

2023-05-21 22:40:43 +02:00

extraheaders.go

[feature] Set some security related headers (#3065 )

2024-07-04 10:07:02 +02:00

gzip.go

[chore] Improve copyright header handling (#1608 )

2023-03-12 16:00:57 +01:00

headerfilter_test.go

[feature] request blocking by http headers (#2409 )

2023-12-18 14:18:25 +00:00

headerfilter.go

[feature] request blocking by http headers (#2409 )

2023-12-18 14:18:25 +00:00

logger.go

[feature] Log pubKeyID for http-signed requests (#2501 )

2024-01-09 10:41:15 +01:00

ratelimit_test.go

[feature] Add rate limit exceptions option, use ISO8601 for rate limit reset (#2151 )

2023-08-23 14:32:27 +02:00

ratelimit.go

[feature] request blocking by http headers (#2409 )

2023-12-18 14:18:25 +00:00

requestid.go

[chore] ensure worker contexts have request ID (#2120 )

2023-08-15 17:01:01 +01:00

session_test.go

[chore] Improve copyright header handling (#1608 )

2023-03-12 16:00:57 +01:00

session.go

[chore] Improve copyright header handling (#1608 )

2023-03-12 16:00:57 +01:00

signaturecheck.go

[feature] Try HTTP signature validation with and without query params for incoming requests (#2591 )

2024-01-31 14:15:28 +00:00

throttling_test.go

[bugfix] increases sleep time before check in throttle test, to give more leeway (#2482 )

2024-01-03 10:27:55 +00:00

throttling.go

[performance] simpler throttling logic (#2407 )

2023-12-16 12:53:42 +01:00

tokencheck.go

[performance] remove last of relational queries to instead rely on caches (#2091 )

2023-08-10 15:08:41 +01:00

useragent.go

[feature] request blocking by http headers (#2409 )

2023-12-18 14:18:25 +00:00

util.go

[feature] request blocking by http headers (#2409 )

2023-12-18 14:18:25 +00:00