Documentation
¶
Index ¶
- func Accepts(r *http.Request, accepted ...string) bool
- func Attributes(r *http.Request) map[string]any
- func DisallowNonNavigationalRequests(next http.Handler) http.Handler
- func HasSecFetchMetadata(r *http.Request) bool
- func IsNavigationRequest(r *http.Request) bool
- func Transport() http.RoundTripper
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Attributes ¶
Attributes returns a map of interesting properties for the request.
func DisallowNonNavigationalRequests ¶
DisallowNonNavigationalRequests checks if the request is non-navigational, and if so, responds with a 401. We do this to separate between redirects for browser navigation and redirects for resource requests.
This should only be used for endpoints that are only supposed to be _navigated to_ from a browser. The 401 response prevents redirecting non-navigation requests to the identity provider, which usually results in a CORS error for typical Fetch or XHR requests from the browser.
This depends on the presence of the Fetch metadata headers, mostly present in modern browsers. For compatibility with older browsers, requests without these headers are still allowed to pass through.
func HasSecFetchMetadata ¶
func IsNavigationRequest ¶
IsNavigationRequest checks if the request is a navigation request by using Sec-Fetch headers. This is used to separate between redirects for browser navigation and redirects for resource requests (e.g., Fetch or XHR). We fall back to checking the Accept header if the browser doesn't support fetch metadata.
func Transport ¶
func Transport() http.RoundTripper
Types ¶
This section is empty.
Source Files