package app import ( "github.com/revel/revel" "strings" ) func init() { // Filters is the default set of global filters. revel.Filters = []revel.Filter{ ContentTypeFilter, revel.PanicFilter, // Recover from panics and display an error page instead. revel.RouterFilter, // Use the routing table to select the right Action revel.FilterConfiguringFilter, // A hook for adding or removing per-Action filters. revel.ParamsFilter, // Parse parameters into Controller.Params. revel.SessionFilter, // Restore and write the session cookie. revel.FlashFilter, // Restore and write the flash cookie. revel.ValidationFilter, // Restore kept validation errors and save new ones from cookie. revel.I18nFilter, // Resolve the requested language HeaderFilter, // Add some security based headers revel.InterceptorFilter, // Run interceptors around the action. revel.CompressFilter, // Compress the result. revel.ActionInvoker, // Invoke the action. } // register startup functions with OnAppStart // ( order dependent ) // revel.OnAppStart(InitDB()) // revel.OnAppStart(FillCache()) } // TODO turn this into revel.HeaderFilter // should probably also have a filter for CSRF // not sure if it can go in the same filter or not var HeaderFilter = func(c *revel.Controller, fc []revel.Filter) { // This was commented out so I could mask the origins with DNS //c.Response.Out.Header().Add("X-Frame-Options", "SAMEORIGIN") // Add some common security headers c.Response.Out.Header().Add("X-XSS-Protection", "1; mode=block") c.Response.Out.Header().Add("X-Content-Type-Options", "nosniff") fc[0](c, fc[1:]) // Execute the next filter stage. } var ContentTypeFilter = func(c *revel.Controller, fc []revel.Filter) { path := c.Request.Request.URL.Path formats := []string{"json", "xml"} for _, format := range formats { if strings.HasSuffix(path, "."+format) { trimmed := strings.TrimSuffix(path, "."+format) c.Request.Request.URL.Path = trimmed c.Request.Request.RequestURI = trimmed c.Request.Format = format break } } fc[0](c, fc[1:]) }