security

package
v0.1.3 Latest
Warning

This package is not in the latest version of its module.

Published: Aug 22, 2024 | License: MIT | Imports: 3 | Imported by: 0

Documentation

Overview

Package security adds various security-related headers.

Constants

This section is empty.

Variables

var DefaultConfig = Config{
	XFrameOptions:           "SAMEORIGIN",
	StrictTransportSecurity: "max-age=2592000",
	XContentTypeOptions:     true,
}

DefaultConfig is the default Security middleware config.

Functions

func WithConfig

func WithConfig(config Config, rootDomain string) func(http.Handler) http.Handler

WithConfig returns a Security middleware from config.

Types

type Config

type Config struct {
	// XFrameOptions controls where this site can be displayed in a frame.
	//
	// DENY
	//     The page cannot be displayed in a frame, regardless of the site
	//     attempting to do so.
	// SAMEORIGIN
	//     The page can only be displayed in a frame on the same origin as the
	//     page itself.
	// ALLOW-FROM uri
	//     The page can only be displayed in a frame on the specified origin.
	//
	// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
	XFrameOptions string

	// StrictTransportSecurity makes sure that browsers only communicate over
	// https. It will only be set if the host matches the root domain.
	//
	// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
	StrictTransportSecurity string

	// XContentTypeOptions makes sure that browsers don't auto-guess the
	// Content-Type, preventing certain attacks.
	//
	// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
	XContentTypeOptions bool

	// ContentSecurityPolicy controls which JS and CSS resources can be run,
	// preventing XSS attacks.
	//
	// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
	ContentSecurityPolicy map[string][]string

	// ContentSecurityPolicyReportOnly is like the CSP header, but only reports
	// violations and doesn't block anything, which is useful for testing new
	// policies.
	ContentSecurityPolicyReportOnly map[string][]string

	// ReferrerPolicy allows us to make sure we don't leak possibly sensitive
	// paths or query parameters to other sites.
	//
	// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
	ReferrerPolicy string
}

Config defines the config for Security middleware.
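
The following is an added example, not the package's own code: a self-contained sketch of the behaviour the Config comments describe, showing a `map[string][]string` policy flattened into one Content-Security-Policy value and HSTS sent only when the request host matches the root domain. The names `buildCSP`, `secure` and `headersFor`, the hosts, and the exact-match rule for "matches the root domain" are assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"sort"
	"strings"
)

// buildCSP flattens a directive map into one header value; names are sorted for stable output.
func buildCSP(policy map[string][]string) string {
	names := make([]string, 0, len(policy))
	for name := range policy {
		names = append(names, name)
	}
	sort.Strings(names)
	for i, name := range names {
		names[i] = strings.TrimSpace(name + " " + strings.Join(policy[name], " "))
	}
	return strings.Join(names, "; ")
}

// secure is a hypothetical stand-in for the middleware, using the DefaultConfig values.
// Assumption: "matches the root domain" means a case-insensitive exact match on r.Host.
func secure(hsts, rootDomain string, csp map[string][]string) func(http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			w.Header().Set("X-Frame-Options", "SAMEORIGIN")
			w.Header().Set("X-Content-Type-Options", "nosniff")
			if strings.EqualFold(r.Host, rootDomain) {
				w.Header().Set("Strict-Transport-Security", hsts)
			}
			w.Header().Set("Content-Security-Policy", buildCSP(csp))
			next.ServeHTTP(w, r)
		})
	}
}

// headersFor sends one constructed request for host through the sketch and returns the headers.
func headersFor(host string) http.Header {
	csp := map[string][]string{"default-src": {"'self'"}, "frame-ancestors": {"'self'"}}
	h := secure("max-age=2592000", "example.com", csp)(http.NotFoundHandler())
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest("GET", "http://"+host+"/", nil))
	return rec.Header()
}

func main() { fmt.Println(headersFor("example.com"), headersFor("other.example.net")) }
```

The `ALLOW-FROM` value of X-Frame-Options is obsolete and ignored by current browsers; the `frame-ancestors` directive in the sample policy is the CSP way to express that restriction.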
