homelab/traefik
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Set content-type when serving webui index

Browse source
This commit is contained in:
Kevin Pollet 2025-01-13 09:18:04 +01:00 committed by GitHub
parent a57e118a1a
commit 9a9644bafe
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 11 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

21
pkg/api/dashboard/dashboard.go
View file

@ -29,14 +29,10 @@ func (h Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
assets = webui.FS assets = webui.FS
} }
// allow iframes from traefik domains only // Allow iframes from traefik domains only.
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-src // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-src
w.Header().Set("Content-Security-Policy", "frame-src 'self' https://traefik.io https://*.traefik.io;") w.Header().Set("Content-Security-Policy", "frame-src 'self' https://traefik.io https://*.traefik.io;")
// The content type must be guessed by the file server.
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
w.Header().Del("Content-Type")
if r.RequestURI == "/" { if r.RequestURI == "/" {
indexTemplate, err := template.ParseFS(assets, "index.html") indexTemplate, err := template.ParseFS(assets, "index.html")
if err != nil { if err != nil {
@ -45,6 +41,8 @@ func (h Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
return return
} }
w.Header().Set("Content-Type", "text/html; charset=utf-8")
apiPath := strings.TrimSuffix(h.BasePath, "/") + "/api/" apiPath := strings.TrimSuffix(h.BasePath, "/") + "/api/"
if err = indexTemplate.Execute(w, indexTemplateData{APIUrl: apiPath}); err != nil { if err = indexTemplate.Execute(w, indexTemplateData{APIUrl: apiPath}); err != nil {
log.Error().Err(err).Msg("Unable to render index template") log.Error().Err(err).Msg("Unable to render index template")
@ -55,6 +53,10 @@ func (h Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
return return
} }
// The content type must be guessed by the file server.
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
w.Header().Del("Content-Type")
http.FileServerFS(assets).ServeHTTP(w, r) http.FileServerFS(assets).ServeHTTP(w, r)
} }
@ -84,13 +86,11 @@ func Append(router *mux.Router, basePath string, customAssets fs.FS) error {
router.Methods(http.MethodGet). router.Methods(http.MethodGet).
Path(dashboardPath). Path(dashboardPath).
HandlerFunc(func(w http.ResponseWriter, r *http.Request) { HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// allow iframes from our domains only // Allow iframes from our domains only.
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-src // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-src
w.Header().Set("Content-Security-Policy", "frame-src 'self' https://traefik.io https://*.traefik.io;") w.Header().Set("Content-Security-Policy", "frame-src 'self' https://traefik.io https://*.traefik.io;")
// The content type must be guessed by the file server. w.Header().Set("Content-Type", "text/html; charset=utf-8")
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
w.Header().Del("Content-Type")
apiPath := strings.TrimSuffix(basePath, "/") + "/api/" apiPath := strings.TrimSuffix(basePath, "/") + "/api/"
if err = indexTemplate.Execute(w, indexTemplateData{APIUrl: apiPath}); err != nil { if err = indexTemplate.Execute(w, indexTemplateData{APIUrl: apiPath}); err != nil {
@ -103,7 +103,7 @@ func Append(router *mux.Router, basePath string, customAssets fs.FS) error {
router.Methods(http.MethodGet). router.Methods(http.MethodGet).
PathPrefix(dashboardPath). PathPrefix(dashboardPath).
HandlerFunc(func(w http.ResponseWriter, r *http.Request) { HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// allow iframes from traefik domains only // Allow iframes from traefik domains only.
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-src // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-src
w.Header().Set("Content-Security-Policy", "frame-src 'self' https://traefik.io https://*.traefik.io;") w.Header().Set("Content-Security-Policy", "frame-src 'self' https://traefik.io https://*.traefik.io;")
@ -113,5 +113,6 @@ func Append(router *mux.Router, basePath string, customAssets fs.FS) error {
http.StripPrefix(dashboardPath, http.FileServerFS(assets)).ServeHTTP(w, r) http.StripPrefix(dashboardPath, http.FileServerFS(assets)).ServeHTTP(w, r)
}) })
return nil return nil
} }