package main
import (
_ "github.com/udistrital/arka_mid/routers"
"github.com/udistrital/arka_mid/utils_oas/apiStatus"
"github.com/udistrital/arka_mid/utils_oas/auditoria"
"github.com/udistrital/arka_mid/utils_oas/customErrorv2"
"github.com/beego/beego/v2/server/web"
"github.com/beego/beego/v2/server/web/context"
"github.com/beego/beego/v2/server/web/filter/cors"
)
// main wires up the CORS filter, the custom error controller, the
// security-header filter and the status/audit helpers, then starts the beego
// web server.
func main() {
	// Default allow-list: origins matching the university domain pattern.
	// NOTE(review): the pattern carries no scheme, so whether plain-http
	// origins also match depends on the cors filter's wildcard handling; confirm.
	origins := []string{"*.udistrital.edu.co"}

	// Dev mode accepts any origin and serves the Swagger directory with
	// directory listing enabled.
	// NOTE(review): AllowCredentials stays true below, so an instance that runs
	// with RunMode "dev" by mistake accepts credentialed cross-origin requests
	// from every origin. Verify that production configuration pins RunMode.
	if web.BConfig.RunMode == "dev" {
		origins = []string{"*"}
		web.BConfig.WebConfig.DirectoryIndex = true
		web.BConfig.WebConfig.StaticDir["/swagger"] = "swagger"
	}

	corsOptions := &cors.Options{
		AllowOrigins: origins,
		AllowMethods: []string{"PUT", "PATCH", "GET", "POST", "OPTIONS", "DELETE"},
		// "Origin" and "origin" are both listed, as in the original configuration.
		AllowHeaders: []string{
			"Origin",
			"x-requested-with",
			"content-type",
			"accept",
			"origin",
			"authorization",
			"x-csrftoken",
		},
		ExposeHeaders:    []string{"Content-Length", "X-Total-Count"},
		AllowCredentials: true,
	}

	// CORS is registered at BeforeRouter and applies to every path pattern.
	web.InsertFilter("*", web.BeforeRouter, cors.Allow(corsOptions))

	web.ErrorController(&customErrorv2.CustomErrorController{})

	// NOTE(review): SecurityHeaders is registered at BeforeExec; responses that
	// never reach that stage (for example unmatched routes or static files)
	// presumably do not receive these headers. Confirm against beego's filter order.
	web.InsertFilter("*", web.BeforeExec, SecurityHeaders)

	apiStatus.Init()
	auditoria.InitMiddleware()
	web.Run()
}
// SecurityHeaders is a beego filter that sets a fixed set of hardening
// response headers on ctx.Output. The headers are written in the order listed.
func SecurityHeaders(ctx *context.Context) {
	hardening := [...]struct{ name, value string }{
		// NOTE(review): the directives use single quotes, but the Clear-Site-Data
		// grammar uses double-quoted strings, so browsers likely ignore this
		// value. Confirm intent before correcting it: a valid header on every
		// response would clear cookies and storage for the origin on each request.
		{"Clear-Site-Data", "'cache', 'cookies', 'storage', 'executionContexts'"},
		{"Cross-Origin-Embedder-Policy", "require-corp"},
		{"Cross-Origin-Opener-Policy", "same-origin"},
		{"Cross-Origin-Resource-Policy", "same-origin"},
		{"Permissions-Policy", "geolocation=(), microphone=(), camera=()"},
		{"Referrer-Policy", "no-referrer"},
		// Sets Server to an empty value, presumably to avoid advertising the
		// server software.
		{"Server", ""},
		// One-year HSTS that also covers subdomains.
		{"Strict-Transport-Security", "max-age=31536000; includeSubDomains"},
		{"X-Content-Type-Options", "nosniff"},
		{"X-Frame-Options", "DENY"},
		{"X-Permitted-Cross-Domain-Policies", "none"},
	}

	for _, h := range hardening {
		ctx.Output.Header(h.name, h.value)
	}
}