Add --csp and --allow-html flagsv0.1.6

author: clsr <clsr@clsr.net> 2016-06-16 21:11:55 +0200
committer: clsr <clsr@clsr.net> 2016-06-16 21:11:55 +0200
commit: d5bfbdefb1bb56d7062975cd04954aa1ad346018 (patch)
tree: 2892f9d7e763457db7bc15a948dc5db169f6223d /api.go
parent: 062d8e6a2d0da35d29b742a6970a9268b517f20c (diff)
download: gomf-d5bfbdefb1bb56d7062975cd04954aa1ad346018.tar.gz
gomf-d5bfbdefb1bb56d7062975cd04954aa1ad346018.zip
1 files changed, 4 insertions, 3 deletions
diff --git a/api.go b/api.go
index 1fe7f0a..b3b7063 100644
--- a/api.go
+++ b/api.go
@@ -28,13 +28,14 @@ func handleFile(w http.ResponseWriter, r *http.Request) {
 	}
 	defer f.Close()
 	mtype := mime.TypeByExtension(path.Ext(f.Name()))
-	if strings.Index(mtype, "text/html") == 0 || strings.Index(mtype, "application/xhtml+xml") == 0 {
+	if !allowHtml && (strings.Index(mtype, "text/html") == 0 || strings.Index(mtype, "application/xhtml+xml") == 0) {
 		mtype = "text/plain"
 	}
 	w.Header().Set("Content-Type", mtype)
 	_ = size
-	//w.Header().Set("Content-Length", strconv.FormatInt(size, 10))
-	w.Header().Set("Content-Security-Policy", "default-src 'none'; media-src 'self'")
+	if csp != "" {
+		w.Header().Set("Content-Security-Policy", csp)
+	}
 	w.Header().Set("Last-Modified", modtime.UTC().Format(http.TimeFormat))
 	w.Header().Set("Expires", modtime.UTC().Add(time.Hour*24*30).Format(http.TimeFormat))
 	w.Header().Set("Cache-Control", "max-age=2592000")
author	clsr <clsr@clsr.net>	2016-06-16 21:11:55 +0200
committer	clsr <clsr@clsr.net>	2016-06-16 21:11:55 +0200
commit	d5bfbdefb1bb56d7062975cd04954aa1ad346018 (patch)
tree	2892f9d7e763457db7bc15a948dc5db169f6223d /api.go
parent	062d8e6a2d0da35d29b742a6970a9268b517f20c (diff)
download	gomf-d5bfbdefb1bb56d7062975cd04954aa1ad346018.tar.gz gomf-d5bfbdefb1bb56d7062975cd04954aa1ad346018.zip