totole/revel-cmd
1
0
Fork 0
mirror of https://github.com/kevin-DL/revel-cmd.git synced 2026-01-11 18:54:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

Removed the catch all route, and added comment about security issue

Browse Source
This commit is contained in:
NotZippy
2017-10-22 09:31:18 -07:00
parent 2d4ccf289c
commit 29c6237caf
2 changed files with 11 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
revel/skeleton/app/init.go
View File

@@ -38,9 +38,8 @@ func init() {
} }
// HeaderFilter adds common security headers // HeaderFilter adds common security headers
// TODO turn this into revel.HeaderFilter // There is a full implementation of a CSRF filter in
// should probably also have a filter for CSRF // https://github.com/revel/modules/tree/master/csrf
// not sure if it can go in the same filter or not
var HeaderFilter = func(c *revel.Controller, fc []revel.Filter) { var HeaderFilter = func(c *revel.Controller, fc []revel.Filter) {
c.Response.Out.Header().Add("X-Frame-Options", "SAMEORIGIN") c.Response.Out.Header().Add("X-Frame-Options", "SAMEORIGIN")
c.Response.Out.Header().Add("X-XSS-Protection", "1; mode=block") c.Response.Out.Header().Add("X-XSS-Protection", "1; mode=block")

11
revel/skeleton/conf/routes
View File

@@ -15,5 +15,12 @@ GET /favicon.ico 404
# Map static resources from the /app/public folder to the /public path # Map static resources from the /app/public folder to the /public path
GET /public/*filepath Static.Serve("public") GET /public/*filepath Static.Serve("public")
# Catch all # Catch all, this will route any request into the controller path
* /:controller/:action :controller.:action #
# **** WARNING ****
# Enabling this exposes any controller and function to the web.
# ** This is a serious security issue if used online **
#
# For rapid development uncomment the following to add new controller.action endpoints
# without having to add them to the routes table.
# * /:controller/:action :controller.:action