security: add HTTP security headers (fixing NK-7xuajb)

2 files changed, 12 insertions, 1 deletions

diff --git a/internal/crawler/crawler_test.go b/internal/crawler/crawler_test.go
index e0c4c6b..a8a9c9c 100644
--- a/internal/crawler/crawler_test.go
+++ b/internal/crawler/crawler_test.go
@@ -8,10 +8,15 @@ import (
 	"testing"
 
 	"adammathes.com/neko/config"
+	"adammathes.com/neko/internal/safehttp"
 	"adammathes.com/neko/models"
 	"adammathes.com/neko/models/feed"
 )
 
+func init() {
+	safehttp.AllowLocal = true
+}
+
 func setupTestDB(t *testing.T) {
 	t.Helper()
 	config.Config.DBFile = ":memory:"
diff --git a/internal/safehttp/safehttp.go b/internal/safehttp/safehttp.go
index cfc70f1..e0859c4 100644
--- a/internal/safehttp/safehttp.go
+++ b/internal/safehttp/safehttp.go
@@ -8,7 +8,10 @@ import (
 	"time"
 )
 
-var privateIPBlocks []*net.IPNet
+var (
+	privateIPBlocks []*net.IPNet
+	AllowLocal      bool // For testing
+)
 
 func init() {
 	for _, cidr := range []string{
@@ -27,6 +30,9 @@ func init() {
 }
 
 func isPrivateIP(ip net.IP) bool {
+	if AllowLocal {
+		return false
+	}
 	if ip.IsLoopback() || ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() {
 		return true
 	}