From 9a9644bafeeae7fe5bde2a014ab50c43843110ef Mon Sep 17 00:00:00 2001 From: Kevin Pollet Date: Mon, 13 Jan 2025 09:18:04 +0100 Subject: [PATCH] Set content-type when serving webui index --- pkg/api/dashboard/dashboard.go | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/pkg/api/dashboard/dashboard.go b/pkg/api/dashboard/dashboard.go index 21eeee8fb..b44a14bba 100644 --- a/pkg/api/dashboard/dashboard.go +++ b/pkg/api/dashboard/dashboard.go @@ -29,14 +29,10 @@ func (h Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { assets = webui.FS } - // allow iframes from traefik domains only + // Allow iframes from traefik domains only. // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-src w.Header().Set("Content-Security-Policy", "frame-src 'self' https://traefik.io https://*.traefik.io;") - // The content type must be guessed by the file server. - // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options - w.Header().Del("Content-Type") - if r.RequestURI == "/" { indexTemplate, err := template.ParseFS(assets, "index.html") if err != nil { @@ -45,6 +41,8 @@ func (h Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { return } + w.Header().Set("Content-Type", "text/html; charset=utf-8") + apiPath := strings.TrimSuffix(h.BasePath, "/") + "/api/" if err = indexTemplate.Execute(w, indexTemplateData{APIUrl: apiPath}); err != nil { log.Error().Err(err).Msg("Unable to render index template") @@ -55,6 +53,10 @@ func (h Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { return } + // The content type must be guessed by the file server. + // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options + w.Header().Del("Content-Type") + http.FileServerFS(assets).ServeHTTP(w, r) } @@ -84,13 +86,11 @@ func Append(router *mux.Router, basePath string, customAssets fs.FS) error { router.Methods(http.MethodGet). Path(dashboardPath). HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - // allow iframes from our domains only + // Allow iframes from our domains only. // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-src w.Header().Set("Content-Security-Policy", "frame-src 'self' https://traefik.io https://*.traefik.io;") - // The content type must be guessed by the file server. - // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options - w.Header().Del("Content-Type") + w.Header().Set("Content-Type", "text/html; charset=utf-8") apiPath := strings.TrimSuffix(basePath, "/") + "/api/" if err = indexTemplate.Execute(w, indexTemplateData{APIUrl: apiPath}); err != nil { @@ -103,7 +103,7 @@ func Append(router *mux.Router, basePath string, customAssets fs.FS) error { router.Methods(http.MethodGet). PathPrefix(dashboardPath). HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - // allow iframes from traefik domains only + // Allow iframes from traefik domains only. // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-src w.Header().Set("Content-Security-Policy", "frame-src 'self' https://traefik.io https://*.traefik.io;") @@ -113,5 +113,6 @@ func Append(router *mux.Router, basePath string, customAssets fs.FS) error { http.StripPrefix(dashboardPath, http.FileServerFS(assets)).ServeHTTP(w, r) }) + return nil }