middleware

package
v0.0.0-...-e6a8880 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 21, 2025 License: MIT Imports: 4 Imported by: 0

Documentation

Index

Constants

const (
	// YearDuration is 365 days expressed in seconds.
	// NOTE(review): presumably intended for TransportSecurity.MaxAge, which is
	// documented in seconds; confirm against the Helmet implementation.
	YearDuration = 365 * 24 * 60 * 60

	// Embedder values, used by HelmetOption.CrossOriginEmbedderPolicy.
	// The documented default is "require-corp". "credentialless" loads
	// cross-origin no-cors resources without credentials; "unsafe-none"
	// switches the embedder policy off and should be an explicit opt-out.
	EmbedderRequireCorp    Embedder = "require-corp"
	EmbedderCredentialLess Embedder = "credentialless"
	EmbedderUnsafeNone     Embedder = "unsafe-none"

	// Opener values, used by HelmetOption.CrossOriginOpenerPolicy.
	// The documented default is "same-origin". "unsafe-none" gives up the
	// isolation from cross-origin windows that the other two values provide.
	OpenerSameOrigin            Opener = "same-origin"
	OpenerSameOriginAllowPopups Opener = "same-origin-allow-popups"
	OpenerUnsafeNone            Opener = "unsafe-none"

	// Resource values, used by HelmetOption.CrossOriginResourcePolicy.
	// The documented default is "same-origin". "cross-origin" lets any site
	// load the resource, so reserve it for content that is meant to be public.
	ResourceSameOrigin  Resource = "same-origin"
	ResourceSameSite    Resource = "same-site"
	ResourceCrossOrigin Resource = "cross-origin"

	// Referrer values, used by HelmetOption.ReferrerPolicy, whose documented
	// default is "no-referrer". "unsafe-url" sends the full URL (origin, path
	// and query string) with every request, including to plain-HTTP
	// destinations; avoid it when URLs can carry tokens or identifiers.
	NoReferrer                  Referrer = "no-referrer"
	NoReferrerWhenDowngrade     Referrer = "no-referrer-when-downgrade"
	SameOrigin                  Referrer = "same-origin"
	Origin                      Referrer = "origin"
	StrictOrigin                Referrer = "strict-origin"
	OriginWhenCrossOrigin       Referrer = "origin-when-cross-origin"
	StrictOriginWhenCrossOrigin Referrer = "strict-origin-when-cross-origin"
	UnsafeUrl                   Referrer = "unsafe-url"

	// CDP values, used by HelmetOption.CrossDomainPolicies for the
	// X-Permitted-Cross-Domain-Policies header. The documented default is
	// "none"; "all" is the most permissive value.
	CDPNone          CDP = "none"
	CDPMasterOnly    CDP = "master-only"
	CDPByContentType CDP = "by-content-type"
	CDPAll           CDP = "all"

	// XFrame values, used by HelmetOption.XFrameOption for the
	// X-Frame-Options header. The documented default is "sameorigin".
	XFrameSameOrigin XFrame = "sameorigin"
	XFrameDeny       XFrame = "deny"
)

Variables

This section is empty.

Functions

func CORS

func CORS(opts CORSOption) func(http.Handler) http.Handler

CORS provides Cross-Origin Resource Sharing middleware. Example:

import (
    "log/slog"
    "net/http"

    "gitserver.in/patialtech/mux"
    "gitserver.in/patialtech/mux/middleware"
)

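// main wires the CORS middleware into a router, registers one route and
// starts the server on the loopback interface.
func main() {
	r := mux.NewRouter()
	r.Use(middleware.CORS(middleware.CORSOption{
		// "*" allows every origin to read responses. Keep it only for
		// public, unauthenticated content; otherwise list the exact origins
		// that need access, e.g. "https://app.example.com" (constructed
		// sample value), and review it again before setting AllowCredentials.
		AllowedOrigins: []string{"*"},
		MaxAge:         60,
	}))

	r.Get("/", func(w http.ResponseWriter, r *http.Request) {
		// A failed write usually means the client went away; log it
		// instead of dropping the error silently.
		if _, err := w.Write([]byte("hello there")); err != nil {
			slog.Error("writing response", "err", err)
		}
	})

	r.Serve(func(srv *http.Server) error {
		// Bind to loopback so the listener matches the URL that is logged;
		// ":3001" would accept connections on every interface.
		srv.Addr = "localhost:3001"
		slog.Info("listening on http://" + srv.Addr)
		return srv.ListenAndServe()
	})
}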

func Helmet

func Helmet(opt HelmetOption) func(http.Handler) http.Handler

Helmet returns middleware that sets security-related response headers, configured through HelmetOption.

Types

type CDP

// CDP is the string type of the CDP* constants (CDPNone, CDPMasterOnly,
// CDPByContentType, CDPAll) and of HelmetOption.CrossDomainPolicies.
type CDP string

CDP is a cross-domain policy value for the X-Permitted-Cross-Domain-Policies header.

type CORSOption

type CORSOption struct {
	// AllowedOrigins lists the origins allowed to make cross-origin requests.
	// Including "*" allows every origin, so prefer an explicit list for
	// anything that is not public content.
	AllowedOrigins []string

	// AllowedHeaders lists the request headers clients are allowed to send.
	// default: []string{"Accept", "Accept-Language", "Content-Language", "Origin"}
	AllowedHeaders []string

	// AllowedMethods are a list of methods clients are allowed to use.
	//
	// default: []string{"HEAD", "GET", "POST"}
	AllowedMethods []string

	// ExposedHeaders: presumably the response headers made readable to
	// cross-origin scripts (Access-Control-Expose-Headers); confirm against
	// the implementation.
	ExposedHeaders []string
	// MaxAge in seconds, max allowed value is 600
	MaxAge           uint
	// AllowCredentials: presumably controls Access-Control-Allow-Credentials.
	// NOTE(review): how the middleware combines this with a "*" entry in
	// AllowedOrigins is not visible here. Browsers reject a literal "*" on
	// credentialed requests, so confirm the middleware does not fall back to
	// echoing the request Origin, and pair this with an explicit origin list.
	AllowCredentials bool
}

CORSOption holds the configuration for the CORS middleware.

type CSP

// NOTE(review): each field carries a documented default; whether a non-empty
// field replaces that default or is appended to it is not visible here, so
// confirm before relying on either behaviour.
type CSP struct {
	// default-src, default value will be 'self'
	DefaultSrc []string
	// script-src,  default value will be 'self'
	ScriptSrc []string
	// script-src-attr, default value will be 'none'
	ScriptSrcAttr []string
	// style-src, default value will be 'self' https: 'unsafe-inline'
	//
	// The default permits inline styles and any https: stylesheet; set this
	// field explicitly if the application can do without them.
	StyleSrc []string
	// img-src, default value will be 'self' data:
	ImgSrc []string
	// object-src, default value will be 'none'
	ObjectSrc []string
	// base-uri, default value will be 'self'
	BaseUri []string
	// font-src, default value will be 'self' https: data:
	FontSrc []string
	// form-action, default value will be 'self'
	FormAction []string
	// frame-ancestors, default value will be 'self'
	FrameAncestors []string

	// UpgradeInsecureRequests: presumably adds the upgrade-insecure-requests
	// directive when true; no default is documented, so the Go zero value
	// (false) applies unless the implementation overrides it.
	UpgradeInsecureRequests bool
}

CSP holds the Content-Security-Policy directive settings.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources

type Embedder

// Embedder is the string type of the Embedder* constants and of
// HelmetOption.CrossOriginEmbedderPolicy.
type Embedder string

type HelmetOption

// HelmetOption configures the response headers set by Helmet.
type HelmetOption struct {
	// ContentSecurityPolicy holds the Content-Security-Policy directives;
	// see CSP for the per-directive defaults.
	ContentSecurityPolicy CSP

	// StrictTransportSecurity configures Strict-Transport-Security.
	// NOTE(review): what Helmet does when this pointer is nil (omit the
	// header or apply a default) is not visible here; confirm.
	StrictTransportSecurity *TransportSecurity

	// "require-corp" will be the default policy
	CrossOriginEmbedderPolicy Embedder

	// "same-origin" will be the default policy
	CrossOriginOpenerPolicy Opener

	// "same-origin" will be the default policy
	CrossOriginResourcePolicy Resource

	// "no-referrer" will be the default policy
	//
	// presumably several values are emitted as a fallback list; confirm.
	ReferrerPolicy []Referrer

	// OriginAgentCluster: presumably controls the Origin-Agent-Cluster
	// header; its default is not documented here.
	OriginAgentCluster bool

	// set true to remove header "X-Content-Type-Options"
	//
	// Removing it lets browsers MIME-sniff responses, so leave this false
	// unless a client depends on sniffing.
	DisableSniffMimeType bool

	// set true for header "X-DNS-Prefetch-Control: off"
	//
	// default is "X-DNS-Prefetch-Control: on"
	DisableDNSPrefetch bool

	// set true to remove header "X-Download-Options: noopen"
	DisableXDownload bool

	// X-Frame-Options
	//
	// The XFrame constants document "sameorigin" as the default.
	XFrameOption XFrame

	// X-Permitted-Cross-Domain-Policies
	//
	// default value will be "none"
	CrossDomainPolicies CDP

	// X-XSS-Protection
	//
	// default is off
	//
	// NOTE(review): this is a legacy header that current browsers no longer
	// act on; the value sent when true is not visible here.
	XssProtection bool
}

type Opener

// Opener is the string type of the Opener* constants and of
// HelmetOption.CrossOriginOpenerPolicy.
type Opener string

type OriginValidator

// OriginValidator reports whether the given origin string is allowed.
// NOTE(review): none of the CORSOption fields shown alongside this type uses
// it, so how a validator is supplied to the CORS middleware is not visible
// here.
type OriginValidator func(string) bool

OriginValidator takes an origin string and returns whether that origin is allowed.

type Referrer

// Referrer is the string type of the referrer-policy constants
// (NoReferrer ... UnsafeUrl) and the element type of
// HelmetOption.ReferrerPolicy.
type Referrer string

type Resource

// Resource is the string type of the Resource* constants and of
// HelmetOption.CrossOriginResourcePolicy.
type Resource string

type TransportSecurity

// TransportSecurity holds the Strict-Transport-Security settings referenced
// by HelmetOption.StrictTransportSecurity.
type TransportSecurity struct {
	// Age in seconds
	MaxAge            uint
	// IncludeSubDomains: presumably adds the includeSubDomains directive,
	// which extends the policy to every subdomain; make sure all of them
	// serve HTTPS before enabling it.
	IncludeSubDomains bool
	// Preload: presumably adds the preload directive. Preload-list inclusion
	// is slow to undo, so enable it only once HTTPS is permanent for the
	// whole domain.
	Preload           bool
}

type XFrame

// XFrame is the string type of the XFrame* constants and of
// HelmetOption.XFrameOption (the X-Frame-Options header).
type XFrame string
