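package app

import (
	csrf "github.com/cbonello/revel-csrf"
	"github.com/mikkolehtisalo/revel/cachesession"
	"github.com/mikkolehtisalo/revel/gssserver"
	"github.com/mikkolehtisalo/revel/ldapuserdetails"
	"github.com/revel/revel"
)

// init installs the global filter chain. Filters run in slice order, and each
// one decides whether to hand the request to the next stage, so the position
// of a filter determines which requests it sees.
func init() {
	// Filters is the default set of global filters.
	revel.Filters = []revel.Filter{
		revel.PanicFilter, // Recover from panics and display an error page instead.
		// HeaderFilter sits directly after the panic handler so that the
		// security headers are also present on responses produced by a later
		// filter that ends the request without calling the next stage (for
		// example a routing miss, or a rejected authentication or CSRF check).
		HeaderFilter,                         // Add some security based headers.
		revel.RouterFilter,                   // Use the routing table to select the right Action.
		revel.FilterConfiguringFilter,        // A hook for adding or removing per-Action filters.
		revel.ParamsFilter,                   // Parse parameters into Controller.Params.
		cachesession.CacheSessionFilter,      // Use cache based session implementation.
		gssserver.GSSServerFilter,            // GSSAPI authentication.
		ldapuserdetails.UserDetailsLoadFilter, // Load user details from LDAP.
		revel.FlashFilter,                    // Restore and write the flash cookie.
		csrf.CSRFFilter,                      // CSRF prevention.
		revel.ValidationFilter,               // Restore kept validation errors and save new ones from cookie.
		revel.I18nFilter,                     // Resolve the requested language.
		revel.InterceptorFilter,              // Run interceptors around the action.
		revel.CompressFilter,                 // Compress the result.
		revel.ActionInvoker,                  // Invoke the action.
	}

	// Register startup functions with OnAppStart (order dependent):
	// revel.OnAppStart(InitDB())
	// revel.OnAppStart(FillCache())
}

// HeaderFilter adds a fixed set of browser-hardening response headers and then
// runs the rest of the filter chain.
//
// The headers are written with Set rather than Add so that each one is emitted
// once; an action that needs a different policy can overwrite the value with
// its own Set call.
//
// TODO: turn this into revel.HeaderFilter.
var HeaderFilter = func(c *revel.Controller, fc []revel.Filter) {
	h := c.Response.Out.Header()

	// Only same-origin pages may frame the response (clickjacking defence).
	h.Set("X-Frame-Options", "SAMEORIGIN")
	// Legacy header: it only affects browsers that still ship a reflected-XSS
	// auditor. NOTE(review): it is not a substitute for output encoding or a
	// Content-Security-Policy, neither of which this filter sets.
	h.Set("X-XSS-Protection", "1; mode=block")
	// Stop browsers from MIME-sniffing a response into a different content type.
	h.Set("X-Content-Type-Options", "nosniff")

	fc[0](c, fc[1:]) // Execute the next filter stage.
}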