Versions in this module Expand all Collapse all v1 v1.0.0 May 21, 2026 Changes in this version
+ var ErrBlocked = errors.New("safehttp: blocked request")
+ var ErrBlockedAddress = errors.New("safehttp: blocked address")
+ var ErrBlockedCredentials = errors.New("safehttp: blocked credentials")
+ var ErrBlockedHost = errors.New("safehttp: blocked host")
+ var ErrBlockedHostHeader = errors.New("safehttp: blocked host header")
+ var ErrBlockedMethod = errors.New("safehttp: blocked method")
+ var ErrBlockedNetwork = errors.New("safehttp: blocked network")
+ var ErrBlockedPort = errors.New("safehttp: blocked port")
+ var ErrBlockedRedirect = errors.New("safehttp: blocked redirect")
+ var ErrBlockedScheme = errors.New("safehttp: blocked scheme")
+ var ErrBlockedTransport = errors.New("safehttp: blocked transport")
+ var ErrInvalidURL = errors.New("safehttp: invalid url")
+ func NewClient(opts ...Option) (*http.Client, error)
+ func NewTransport(base *http.Transport, opts ...Option) (http.RoundTripper, error)
+ type BlockError struct
+ Addr netip.AddrPort
+ Host string
+ Method string
+ Port uint16
+ Reason string
+ Rule string
+ Scheme string
+ URL string
+ func (e *BlockError) Error() string
+ func (e *BlockError) Is(target error) bool
+ func (e *BlockError) Unwrap() error
+ type Guard struct
+ func NewGuard(opts ...Option) (*Guard, error)
+ func (g *Guard) CheckAddr(network string, addr netip.AddrPort) error
+ func (g *Guard) CheckRedirect(req *http.Request, via []*http.Request) error
+ func (g *Guard) CheckRequest(req *http.Request) error
+ func (g *Guard) CheckURL(u *url.URL) error
+ func (g *Guard) ControlContext(_ context.Context, network, address string, _ syscall.RawConn) error
+ type Option func(*options) error
+ func AllowCIDRs(cidrs ...string) Option
+ func AllowCredentials() Option
+ func AllowCustomHostHeader() Option
+ func AllowHosts(hosts ...string) Option
+ func AllowMethods(methods ...string) Option
+ func AllowPorts(ports ...uint16) Option
+ func AllowPrefixes(prefixes ...netip.Prefix) Option
+ func AllowSchemes(schemes ...string) Option
+ func ClientTimeout(timeout time.Duration) Option
+ func DenyCIDRs(cidrs ...string) Option
+ func DenyPrefixes(prefixes ...netip.Prefix) Option
+ func Dialer(dialer *net.Dialer) Option
+ func MaxRedirects(n int) Option
+ func MaxResponseBytes(n int64) Option
+ func MaxResponseHeaderBytes(n int64) Option
+ func NoRedirects() Option
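Review bot: The exported `CheckAddr(network string, addr netip.AddrPort)` and the `AllowPrefixes`/`DenyPrefixes` options do not say whether an IPv4-mapped IPv6 address is unmapped before prefix matching, and `netip.Prefix.Contains` does not match such an address against an IPv4 prefix. Only signatures are visible in this listing, so the implementation may already handle it; the doc comment should state it explicitly, for example `// CheckAddr unmaps IPv4-mapped IPv6 addresses (netip.Addr.Unmap) before applying allow and deny prefixes.` The same doc pass should say which settings on the `base` transport passed to `NewTransport` produce `ErrBlockedTransport`, in particular whether a configured `Proxy` or a custom `DialContext` is rejected, since with a proxy in place a dial-time check such as `ControlContext` would presumably see the proxy's address rather than the destination's.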