security: restrict public access to only login and static assets
This commit is contained in:
@@ -15,11 +15,7 @@ type AccessPolicy struct {
|
|||||||
func NewAccessPolicy() AccessPolicy {
|
func NewAccessPolicy() AccessPolicy {
|
||||||
return AccessPolicy{
|
return AccessPolicy{
|
||||||
PublicPaths: map[string]struct{}{
|
PublicPaths: map[string]struct{}{
|
||||||
"/": {},
|
|
||||||
"/login": {},
|
"/login": {},
|
||||||
"/search": {},
|
|
||||||
"/api/search": {},
|
|
||||||
"/api/search-quick": {},
|
|
||||||
},
|
},
|
||||||
PublicHeads: []string{
|
PublicHeads: []string{
|
||||||
"/static/",
|
"/static/",
|
||||||
|
|||||||
Reference in New Issue
Block a user