authornickago <ngonella@calpoly.edu>2015-07-27 08:29:08 -0700
committernickago <ngonella@calpoly.edu>2015-07-27 08:29:08 -0700
commit18d160bec53c36b604900506a461598a7082ff9b (patch)
treeb3e98d448655bc8b02a025604e7c39d88803b81b
parentc0d225c6d8ac3f1f7f07047f6527d16d173d3550 (diff)
Centralized header additions and removed duplicate code
-rw-r--r--api/context.go2
-rw-r--r--web/web.go32
2 files changed, 2 insertions, 32 deletions
diff --git a/api/context.go b/api/context.go
index ac9dffcbc..036128a00 100644
--- a/api/context.go
+++ b/api/context.go
@@ -100,6 +100,8 @@ func (h handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
w.Header().Set(model.HEADER_REQUEST_ID, c.RequestId)
w.Header().Set(model.HEADER_VERSION_ID, utils.Cfg.ServiceSettings.Version)
+ w.Header().Set("X-FRAME-OPTIONS", "DENY")
+ w.Header().Set("Content-Security-Policy", "frame-ancestors none")
sessionId := ""
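Review bot: The policy string on the added line `w.Header().Set("Content-Security-Policy", "frame-ancestors none")` writes `none` without single quotes, so CSP parses it as a host-source for a host literally named `none` rather than as the `'none'` keyword. Browsers that honour `frame-ancestors` ignore `X-Frame-Options` when both are sent, so this value is the one that decides framing there; it should read `w.Header().Set("Content-Security-Policy", "frame-ancestors 'none'")`. The string is carried over unchanged from the copies this commit deletes in web/web.go, so this central line is now the single place to correct it. The deletions also assume that every page route in web/web.go is served through this `ServeHTTP`, which is not visible on this page and is worth confirming; the body of `ServeHTTP` continues outside the hunk.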
diff --git a/web/web.go b/web/web.go
index 7a2d424aa..1d59ef946 100644
--- a/web/web.go
+++ b/web/web.go
@@ -140,9 +140,6 @@ func root(c *api.Context, w http.ResponseWriter, r *http.Request) {
return
}
- w.Header().Set("X-FRAME-OPTIONS", "DENY")
- w.Header().Set("Content-Security-Policy", "frame-ancestors none")
-
if len(c.Session.UserId) == 0 {
page := NewHtmlTemplatePage("signup_team", "Signup")
page.Render(c, w)
@@ -159,9 +156,6 @@ func signup(c *api.Context, w http.ResponseWriter, r *http.Request) {
return
}
- w.Header().Set("X-FRAME-OPTIONS", "DENY")
- w.Header().Set("Content-Security-Policy", "frame-ancestors none")
-
page := NewHtmlTemplatePage("signup_team", "Signup")
page.Render(c, w)
}
@@ -183,9 +177,6 @@ func login(c *api.Context, w http.ResponseWriter, r *http.Request) {
team = tResult.Data.(*model.Team)
}
- w.Header().Set("X-FRAME-OPTIONS", "DENY")
- w.Header().Set("Content-Security-Policy", "frame-ancestors none")
-
// If we are already logged into this team then go to home
if len(c.Session.UserId) != 0 && c.Session.TeamId == team.Id {
page := NewHtmlTemplatePage("home", "Home")
@@ -204,9 +195,6 @@ func login(c *api.Context, w http.ResponseWriter, r *http.Request) {
func signupTeamConfirm(c *api.Context, w http.ResponseWriter, r *http.Request) {
email := r.FormValue("email")
- w.Header().Set("X-FRAME-OPTIONS", "DENY")
- w.Header().Set("Content-Security-Policy", "frame-ancestors none")
-
page := NewHtmlTemplatePage("signup_team_confirm", "Signup Email Sent")
page.Props["Email"] = email
page.Render(c, w)
@@ -229,9 +217,6 @@ func signupTeamComplete(c *api.Context, w http.ResponseWriter, r *http.Request)
return
}
- w.Header().Set("X-FRAME-OPTIONS", "DENY")
- w.Header().Set("Content-Security-Policy", "frame-ancestors none")
-
page := NewHtmlTemplatePage("signup_team_complete", "Complete Team Sign Up")
page.Props["Email"] = props["email"]
page.Props["DisplayName"] = props["display_name"]
@@ -283,9 +268,6 @@ func signupUserComplete(c *api.Context, w http.ResponseWriter, r *http.Request)
}
}
- w.Header().Set("X-FRAME-OPTIONS", "DENY")
- w.Header().Set("Content-Security-Policy", "frame-ancestors none")
-
page := NewHtmlTemplatePage("signup_user_complete", "Complete User Sign Up")
page.Props["Email"] = props["email"]
page.Props["TeamDisplayName"] = props["display_name"]
@@ -358,9 +340,6 @@ func getChannel(c *api.Context, w http.ResponseWriter, r *http.Request) {
team = tResult.Data.(*model.Team)
}
- w.Header().Set("X-FRAME-OPTIONS", "DENY")
- w.Header().Set("Content-Security-Policy", "frame-ancestors none")
-
page := NewHtmlTemplatePage("channel", "")
page.Title = name + " - " + team.DisplayName + " " + page.SiteName
page.Props["TeamDisplayName"] = team.DisplayName
@@ -416,17 +395,12 @@ func verifyEmail(c *api.Context, w http.ResponseWriter, r *http.Request) {
isVerified = "false"
}
- w.Header().Set("X-FRAME-OPTIONS", "DENY")
- w.Header().Set("Content-Security-Policy", "frame-ancestors none")
-
page := NewHtmlTemplatePage("verify", "Email Verified")
page.Props["IsVerified"] = isVerified
page.Render(c, w)
}
func findTeam(c *api.Context, w http.ResponseWriter, r *http.Request) {
- w.Header().Set("X-FRAME-OPTIONS", "DENY")
- w.Header().Set("Content-Security-Policy", "frame-ancestors none")
page := NewHtmlTemplatePage("find_team", "Find Team")
page.Render(c, w)
}
@@ -468,9 +442,6 @@ func resetPassword(c *api.Context, w http.ResponseWriter, r *http.Request) {
teamDisplayName = team.DisplayName
}
- w.Header().Set("X-FRAME-OPTIONS", "DENY")
- w.Header().Set("Content-Security-Policy", "frame-ancestors none")
-
page := NewHtmlTemplatePage("password_reset", "")
page.Title = "Reset Password - " + page.SiteName
page.Props["TeamDisplayName"] = teamDisplayName
@@ -580,9 +551,6 @@ func signupCompleteOAuth(c *api.Context, w http.ResponseWriter, r *http.Request)
user.TeamId = team.Id
- w.Header().Set("X-FRAME-OPTIONS", "DENY")
- w.Header().Set("Content-Security-Policy", "frame-ancestors none")
-
page := NewHtmlTemplatePage("signup_user_oauth", "Complete User Sign Up")
page.Props["User"] = user.ToJson()
page.Props["TeamName"] = team.Name