Why Go
- Case Studies
  
  Common problems companies solve with Go
- Use Cases
  
  Stories about how and why companies use Go
- Security
  
  How Go can help keep you secure by default
Learn
Docs
- Effective Go
  
  Tips for writing clear, performant, and idiomatic Go code
- Go User Manual
  
  A complete introduction to building software with Go
- Standard library
  
  Reference documentation for Go's standard library
- Release Notes
  
  Learn what's new in each Go release
Packages
Community
- Recorded Talks
  
  Videos from prior events
- Meetups
  
  Meet other local Go developers
- Conferences
  
  Learn and network with Go developers from around the world
- Go blog
  
  The Go project's official blog.
- Go project
  
  Get help and stay informed from Go
- Get connected

safehttp

package

Go to main page

Versions in this module

v0

v0.0.3

May 14, 2026

v0.0.2

May 13, 2026

v0.0.1

May 13, 2026

Changes in this version

+ var ErrBodyTooLarge = errors.New("safehttp: response body exceeds cap")

+ var ErrCustomPortBlocked = errors.New("safehttp: custom port blocked")

+ var ErrIPLiteral = errors.New("safehttp: ip literal not accepted")

+ var ErrIPPinViolation = errors.New("safehttp: ip-pin violation")

+ var ErrInvalidHost = errors.New("safehttp: invalid host")

+ var ErrInvalidScheme = errors.New("safehttp: invalid scheme")

+ var ErrNoAllowedIP = errors.New("safehttp: no resolvable address for target")

+ var ErrOffHostRedirect = errors.New("safehttp: off-host redirect refused")

+ var ErrPrivateTargetBlocked = errors.New("safehttp: private or reserved target blocked")

+ var ErrTooManyRedirects = errors.New("safehttp: too many redirects")

+ var ErrUserInfo = errors.New("safehttp: userinfo not accepted")

+ func AllowRedirect(target *Target, maxHops int) func(*http.Request, []*http.Request) error

+ func DefaultLookup(ctx context.Context, host string) ([]netip.Addr, error)

+ func NewClient(opts ClientOpts) *http.Client

+ func PinnedDialer(target *Target, timeout time.Duration) *net.Dialer

+ type ClientOpts struct

+ DialTimeout time.Duration

+ FollowRedirects bool

+ MaxBodyBytes int64

+ MaxRedirects int

+ TLSConfig *tls.Config

+ Target *Target

+ Timeout time.Duration

+ type InputPolicy struct

+ AllowCustomPorts bool

+ AllowedSchemes []string

+ DefaultPort int

+ type Limiter struct

+ func NewLimiter(count int, period time.Duration) *Limiter

+ func (l *Limiter) Allow(key string) bool

+ type LookupFunc func(ctx context.Context, host string) ([]netip.Addr, error)

+ type Policy struct

+ AllowPrivate bool

+ Extra []netip.Prefix

+ func (p Policy) IsBlocked(ip netip.Addr) bool

+ type Resolver struct

+ Lookup LookupFunc

+ Policy Policy

+ func (r *Resolver) Resolve(ctx context.Context, v *Validated) (*Target, error)

+ type Target struct

+ Host string

+ IP netip.Addr

+ Port int

+ Scheme string

+ func NewTarget(scheme, host string, port int, ip netip.Addr) (*Target, error)

+ func (t *Target) AddrPort() netip.AddrPort

+ func (t *Target) Address() string

+ func (t *Target) HostPort() string

+ func (t *Target) URL(path string) string

+ type Validated struct

+ Host string

+ Port int

+ Scheme string

+ func ValidateInput(raw string, p InputPolicy) (*Validated, error)