web

package
v0.0.0-...-70ff0f2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 30, 2025 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Overview

Package web is an example package maintained by security experts in a development team.

This makes it possible to restrict the usage of net/http package methods used for starting an HTTP server, providing a safe way to do it instead.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewMuxConfig 

func NewMuxConfig(addr string) *safehttp.ServeMuxConfig

NewMuxConfig returns a ServeMuxConfig with a set of interceptors already installed for security reasons. These include:

  • Cross-Origin-Opener-Policy
  • Content-Security-Policy
  • Fetch Metadata
  • HSTS
  • CORS
  • Host checking (against DNS rebinding and request smuggling)

Warning: XSRF protection is currently missing due to https://github.com/google/go-safeweb/issues/171.

func NewMuxConfigDev 

func NewMuxConfigDev(port int) *safehttp.ServeMuxConfig

NewMuxConfigDev returns a ServeMuxConfig with a set of interceptors already installed for security reasons. These include:

  • Cross-Origin-Opener-Policy
  • Content-Security-Policy
  • Fetch Metadata
  • Host checking (against DNS rebinding and request smuggling)

It DOES NOT include HSTS or CORS, as these are difficult to setup in a development environment.

Important: the host checking plugin will accept only requests coming to localhost:port, not e.g. 127.0.0.1:port.

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.