helmet

Published: Nov 8, 2017 License: MIT Imports: 4 Imported by: 52

README

Gin Helmet

Security middlewares for Gin (gin-gonic/gin) inspired by the popular helmet middleware package for Node JS express and koa.



Usage

Add the Default middleware for basic security measures.

s := gin.New()
s.Use(helmet.Default())

You can also add each middleware separately:

s.Use(helmet.NoCache())

Those not included in the Default() middleware are considered more advanced and require consideration before using.

See the godoc for more info and examples.

Documentation


Constants

This section is empty.

Variables

This section is empty.

Functions

func ContentSecurityPolicy

func ContentSecurityPolicy(opt map[string]string, legacy bool) gin.HandlerFunc

ContentSecurityPolicy sets a header which restricts the browser to only allow certain sources for assets on your website. The function accepts a map of directives and their values, which are appended to the header, so you control exactly which directives are set. The second parameter is a boolean; when set to true it tells the handler to also set the legacy headers, like those that work in older versions of Chrome and Firefox.

Example usage:

    opts := map[string]string{
        "default-src": "'self'",
        "img-src":     "*",
        "media-src":   "media1.com media2.com",
        "script-src":  "userscripts.example.com", // trailing comma is required by Go
    }
    s.Use(helmet.ContentSecurityPolicy(opts, true))

See [Content Security Policy on MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) for more info.
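To see what the directive map becomes on the wire, here is an added illustration that is not gin-helmet's own code: a hypothetical stand-in built on net/http only (no gin dependency) that serialises the map the way the description above implies, emits the legacy headers when asked, and verifies the result with httptest. The header names for the legacy flag and the sorted output order are assumptions of this example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"sort"
	"strings"
)

// cspMiddleware is a hypothetical net/http stand-in for helmet.ContentSecurityPolicy
// (added illustration, not gin-helmet's code). It serialises the directive map into a
// Content-Security-Policy value; with legacy=true it also emits the older prefixed names.
func cspMiddleware(opt map[string]string, legacy bool, next http.Handler) http.Handler {
	// Sort directive names: Go map iteration is random and headers should be deterministic.
	names := make([]string, 0, len(opt))
	for k := range opt {
		names = append(names, k)
	}
	sort.Strings(names)
	parts := make([]string, 0, len(names))
	for _, k := range names {
		parts = append(parts, k+" "+opt[k])
	}
	value := strings.Join(parts, "; ")
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Security-Policy", value)
		if legacy {
			w.Header().Set("X-Content-Security-Policy", value)
			w.Header().Set("X-WebKit-CSP", value)
		}
		next.ServeHTTP(w, r)
	})
}

// cspHeaders drives the middleware with httptest and returns the response headers,
// the same check a unit test of the real middleware would make.
func cspHeaders(opt map[string]string, legacy bool) http.Header {
	final := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	rec := httptest.NewRecorder()
	cspMiddleware(opt, legacy, final).ServeHTTP(rec, httptest.NewRequest(http.MethodGet, "/", nil))
	return rec.Header()
}

func main() {
	// Constructed directives mirroring the godoc example above.
	opts := map[string]string{"default-src": "'self'", "img-src": "*", "script-src": "userscripts.example.com"}
	for name, vals := range cspHeaders(opts, true) {
		fmt.Println(name+":", vals[0])
	}
}
```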

func DNSPrefetchControl

func DNSPrefetchControl() gin.HandlerFunc

DNSPrefetchControl sets the DNS Prefetch Control header to prevent the browser from prefetching DNS.

func Default

Default returns a number of handlers that are advised for basic HTTP(S) protection.

func ExpectCT

func ExpectCT(maxAge int, enforce bool, reportURI ...string) gin.HandlerFunc

ExpectCT sets the Certificate Transparency header, which can enforce that you're using a certificate which is ready for the upcoming Chrome requirements policy. The function accepts a maxAge int, which is the TTL for the policy in delta seconds; an enforce boolean, which simply adds an enforce directive to the policy (otherwise it's report-only mode); and an optional reportURI, which is the URI to which report information is sent when the policy is violated.

func FrameGuard

func FrameGuard(opt ...string) gin.HandlerFunc

FrameGuard sets the Frame Options header to deny, to prevent content from the website from being served in an iframe.

func IENoOpen

func IENoOpen() gin.HandlerFunc

IENoOpen sets the Download Options header for Internet Explorer to prevent it from executing downloads in the site's context.

func NoCache

func NoCache() gin.HandlerFunc

NoCache obliterates cache options by setting a number of headers. This prevents the browser from storing your assets in cache

func NoSniff

func NoSniff() gin.HandlerFunc

NoSniff applies a header to protect your server from MIME type sniffing.

func Referrer

func Referrer(opt ...string) gin.HandlerFunc

Referrer sets the Referrer Policy header to prevent the browser from sending data from your website to another one upon navigation. An optional string can be provided to set the policy to something other than "no-referrer".

func SetHPKP

func SetHPKP(keys []string, maxAge int, sub bool, reportURI ...string) gin.HandlerFunc

SetHPKP sets HTTP Public Key Pinning for your server. It is not necessarily a great thing to set this without proper knowledge of what it does. [Read here](https://developer.mozilla.org/en-US/docs/Web/HTTP/Public_Key_Pinning) first, otherwise you may well end up DoS-ing your own server and domain. As the signature shows, the function accepts a list of pin values, a maxAge, the sub flag and an optional reportURI, with values according to the specification.

Example usage:

keys := []string{"cUPcTAZWKaASuYWhhneDttWpY3oBAkE3h2+soZS7sWs=", "M8HztCzM3elUxkcjR2S5P4hhyBNf6lHkmjAHKhpGPWE="}
r := gin.New()
r.Use(SetHPKP(keys, 5184000, true, "domain.com"))

func SetHSTS

func SetHSTS(sub bool, opt ...int) gin.HandlerFunc

SetHSTS sets the Strict Transport Security header to the default of 60 days. An optional integer may be added as a parameter to set the amount in seconds.

func XSSFilter

func XSSFilter() gin.HandlerFunc

XSSFilter applies very minimal XSS protection by enabling the XSS Protection header.

Types

This section is empty.
