security: add HTTP security headers (fixing NK-7xuajb)

author: Adam Mathes <adam@adammathes.com> 2026-02-14 09:20:40 -0800
committer: Adam Mathes <adam@adammathes.com> 2026-02-14 09:20:40 -0800
commit: 08032aab10f0e1429d25ecae1acf6c40d63e9ff4 (patch)
tree: b4f89ec2deabb7c6bc3237d300512f1af92ea67c /internal/safehttp/safehttp.go
parent: 17117617017aba1f29a1f6c8939cdc7c1fd94438 (diff)
download: neko-08032aab10f0e1429d25ecae1acf6c40d63e9ff4.tar.gz
neko-08032aab10f0e1429d25ecae1acf6c40d63e9ff4.tar.bz2
neko-08032aab10f0e1429d25ecae1acf6c40d63e9ff4.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/internal/safehttp/safehttp.go b/internal/safehttp/safehttp.go
index cfc70f1..e0859c4 100644
--- a/internal/safehttp/safehttp.go
+++ b/internal/safehttp/safehttp.go
@@ -8,7 +8,10 @@ import (
 	"time"
 )
 
-var privateIPBlocks []*net.IPNet
+var (
+	privateIPBlocks []*net.IPNet
+	AllowLocal      bool // For testing
+)
 
 func init() {
 	for _, cidr := range []string{
@@ -27,6 +30,9 @@ func init() {
 }
 
 func isPrivateIP(ip net.IP) bool {
+	if AllowLocal {
+		return false
+	}
 	if ip.IsLoopback() || ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() {
 		return true
 	}
author	Adam Mathes <adam@adammathes.com>	2026-02-14 09:20:40 -0800
committer	Adam Mathes <adam@adammathes.com>	2026-02-14 09:20:40 -0800
commit	08032aab10f0e1429d25ecae1acf6c40d63e9ff4 (patch)
tree	b4f89ec2deabb7c6bc3237d300512f1af92ea67c /internal/safehttp/safehttp.go
parent	17117617017aba1f29a1f6c8939cdc7c1fd94438 (diff)
download	neko-08032aab10f0e1429d25ecae1acf6c40d63e9ff4.tar.gz neko-08032aab10f0e1429d25ecae1acf6c40d63e9ff4.tar.bz2 neko-08032aab10f0e1429d25ecae1acf6c40d63e9ff4.zip