From 4ad7e7d67cdbfadd4304486b24267fec08c316d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20W=C3=BCstenberg?= Date: Wed, 22 Feb 2023 14:24:41 +0100 Subject: [PATCH] Fix function signature of NoClickjacking middleware --- httph.go | 2 +- httph_test.go | 6 ++---- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/httph.go b/httph.go index e6b8160..a41b43e 100644 --- a/httph.go +++ b/httph.go @@ -56,7 +56,7 @@ type Middleware = func(next http.Handler) http.Handler // NoClickjacking is Middleware which sets headers to disallow frame embedding and XSS protection for older browsers. // See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options // See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection -func NoClickjacking(next http.Handler) http.HandlerFunc { +func NoClickjacking(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.Header().Set("X-Frame-Options", "deny") w.Header().Set("X-XSS-Protection", "1; mode=block") diff --git a/httph_test.go b/httph_test.go index a4e40b0..46e30c2 100644 --- a/httph_test.go +++ b/httph_test.go @@ -105,10 +105,8 @@ func TestNoClickjacking(t *testing.T) { req := httptest.NewRequest(http.MethodGet, "/", nil) res := httptest.NewRecorder() - mux := http.NewServeMux() - mux.HandleFunc("/", httph.NoClickjacking(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {}))) - - mux.ServeHTTP(res, req) + h := httph.NoClickjacking(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})) + h.ServeHTTP(res, req) is.Equal(t, http.StatusOK, res.Result().StatusCode) is.Equal(t, "deny", res.Result().Header.Get("X-Frame-Options"))