security: restrict public access to only login and static assets
This commit is contained in:
@@ -15,11 +15,7 @@ type AccessPolicy struct {
|
||||
func NewAccessPolicy() AccessPolicy {
|
||||
return AccessPolicy{
|
||||
PublicPaths: map[string]struct{}{
|
||||
"/": {},
|
||||
"/login": {},
|
||||
"/search": {},
|
||||
"/api/search": {},
|
||||
"/api/search-quick": {},
|
||||
"/login": {},
|
||||
},
|
||||
PublicHeads: []string{
|
||||
"/static/",
|
||||
|
||||
Reference in New Issue
Block a user