Documentation ¶
Overview ¶
Package secure is a middleware for Martini that helps enable some quick security wins.
package main

import (
	"github.com/codegangsta/martini"
	"github.com/codegangsta/martini-contrib/secure"
)

func main() {
	m := martini.Classic()

	m.Use(secure.Secure(secure.Options{
		AllowedHosts: []string{"www.example.com", "sub.example.com"},
		SSLRedirect:  true,
	}))

	m.Get("/", func() string {
		return "Hello World"
	})

	m.Run()
}
Functions ¶
Types ¶
type Options ¶
type Options struct {
	// AllowedHosts is a list of fully qualified domain names that are allowed. Default is empty list, which allows any and all host names.
	AllowedHosts []string
	// If SSLRedirect is set to true, then only allow https requests. Default is false.
	SSLRedirect bool
	// SSLHost is the host name that is used to redirect http requests to https. Default is "", which indicates to use the same host.
	SSLHost string
	// SSLProxyHeaders is a set of header keys with associated values that would indicate a valid https request. Useful when using Nginx: `map[string]string{"X-Forwarded-Proto": "https"}`. Default is blank map.
	SSLProxyHeaders map[string]string
	// STSSeconds is the max-age of the Strict-Transport-Security header. Default is 0, which would NOT include the header.
	STSSeconds int64
	// If STSIncludeSubdomains is set to true, the `includeSubdomains` will be appended to the Strict-Transport-Security header. Default is false.
	STSIncludeSubdomains bool
	// If FrameDeny is set to true, adds the X-Frame-Options header with the value of `DENY`. Default is false.
	FrameDeny bool
	// CustomFrameOptionsValue allows the X-Frame-Options header value to be set with a custom value. This overrides the FrameDeny option.
	CustomFrameOptionsValue string
	// If ContentTypeNosniff is true, adds the X-Content-Type-Options header with the value `nosniff`. Default is false.
	ContentTypeNosniff bool
	// If BrowserXssFilter is true, adds the X-XSS-Protection header with the value `1; mode=block`. Default is false.
	BrowserXssFilter bool
	// ContentSecurityPolicy allows the Content-Security-Policy header value to be set with a custom value. Default is "".
	ContentSecurityPolicy string
	// When developing, the SSL and STS options can cause some unwanted effects. Usually testing happens on http, not https... we check `if martini.Env == martini.Prod`.
	// If you would like your development environment to mimic production with complete SSL redirects and STS headers, set this to true. Default is false.
	DisableProdCheck bool
}
Options is a struct for specifying configuration options for the secure.Secure middleware.
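Because every header option above defaults to off, a deployment check is useful. The following is an added example, not code from the secure package: it uses only the standard library to send one request through any http.Handler and report which of the headers named in the Options comments are missing or wrong. AuditHeaders, Partial and Hardened are hypothetical names, and the two sample handlers are constructed stand-ins for a real application.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// checks lists the response headers named in the Options comments and what each must carry.
var checks = []struct {
	name string
	ok   func(v string) bool
}{
	{"Strict-Transport-Security", func(v string) bool { return strings.HasPrefix(v, "max-age=") }},
	{"X-Frame-Options", func(v string) bool { return v != "" }}, // DENY or a custom value
	{"X-Content-Type-Options", func(v string) bool { return v == "nosniff" }},
	{"X-XSS-Protection", func(v string) bool { return v == "1; mode=block" }},
	{"Content-Security-Policy", func(v string) bool { return v != "" }},
}

// AuditHeaders sends one GET for url through h and returns a finding per absent or unexpected header.
func AuditHeaders(h http.Handler, url string) []string {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest("GET", url, nil))
	var findings []string
	for _, c := range checks {
		if v := rec.Header().Get(c.name); !c.ok(v) {
			findings = append(findings, fmt.Sprintf("%s: got %q", c.name, v))
		}
	}
	return findings
}

// Partial is a constructed stand-in for an app that sets only two of the headers.
var Partial = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("X-Frame-Options", "DENY")
	w.Header().Set("X-Content-Type-Options", "nosniff")
})

// Hardened is a constructed stand-in that sets all five headers.
var Hardened = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	Partial(w, r)
	w.Header().Set("Strict-Transport-Security", "max-age=31536000; includeSubdomains")
	w.Header().Set("X-XSS-Protection", "1; mode=block")
	w.Header().Set("Content-Security-Policy", "default-src 'self'")
})

func main() { fmt.Println(AuditHeaders(Partial, "https://www.example.com/")) }
```

When auditing a real Martini instance, note the DisableProdCheck comment: the SSL and STS options only take effect when `martini.Env == martini.Prod`, so a Strict-Transport-Security finding is expected in a development run unless DisableProdCheck is true.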