From 73dbf3136862ed97ddda1f531a06389dedd35ed5 Mon Sep 17 00:00:00 2001 From: Livio Spring Date: Wed, 25 Oct 2023 12:15:22 +0300 Subject: [PATCH] Merge pull request from GHSA-954h-jrpm-72pm --- internal/api/assets/asset.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/internal/api/assets/asset.go b/internal/api/assets/asset.go index 9830baeb90..9b73a93e7c 100644 --- a/internal/api/assets/asset.go +++ b/internal/api/assets/asset.go @@ -92,6 +92,8 @@ func NewHandler(commands *command.Commands, verifier *authz.TokenVerifier, authC verifier.RegisterServer("Assets-API", "assets", AssetsService_AuthMethods) router := mux.NewRouter() + csp := http_mw.SecurityHeaders(&http_mw.DefaultSCP, nil) + router.Use(callDurationInterceptor, instanceInterceptor, assetCacheInterceptor, accessInterceptor, csp) router.Use(callDurationInterceptor, instanceInterceptor, assetCacheInterceptor, accessInterceptor) RegisterRoutes(router, h) router.PathPrefix("/{owner}").Methods("GET").HandlerFunc(DownloadHandleFunc(h, h.GetFile()))