From 08032aab10f0e1429d25ecae1acf6c40d63e9ff4 Mon Sep 17 00:00:00 2001
From: Adam Mathes <adam@adammathes.com>
Date: Sat, 14 Feb 2026 09:20:40 -0800
Subject: security: add HTTP security headers (fixing NK-7xuajb)

---
 internal/safehttp/safehttp.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'internal/safehttp/safehttp.go')

diff --git a/internal/safehttp/safehttp.go b/internal/safehttp/safehttp.go
index cfc70f1..e0859c4 100644
--- a/internal/safehttp/safehttp.go
+++ b/internal/safehttp/safehttp.go
@@ -8,7 +8,10 @@ import (
 	"time"
 )
 
-var privateIPBlocks []*net.IPNet
+var (
+	privateIPBlocks []*net.IPNet
+	AllowLocal      bool // For testing
+)
 
 func init() {
 	for _, cidr := range []string{
@@ -27,6 +30,9 @@ func init() {
 }
 
 func isPrivateIP(ip net.IP) bool {
+	if AllowLocal {
+		return false
+	}
 	if ip.IsLoopback() || ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() {
 		return true
 	}
-- 
cgit v1.2.3