Documentation
Overview
Package security adds various security-related headers.
Constants
This section is empty.
Variables
var DefaultConfig = Config{
	XFrameOptions:           "SAMEORIGIN",
	StrictTransportSecurity: "max-age=2592000",
	XContentTypeOptions:     true,
}
DefaultConfig is the default Security middleware config.
Functions
Types
type Config
type Config struct {
	// XFrameOptions controls where this site can be displayed in a frame.
	//
	//   DENY
	//     The page cannot be displayed in a frame, regardless of the site
	//     attempting to do so.
	//   SAMEORIGIN
	//     The page can only be displayed in a frame on the same origin as the
	//     page itself.
	//   ALLOW-FROM uri
	//     The page can only be displayed in a frame on the specified origin.
	//
	// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
	XFrameOptions string

	// StrictTransportSecurity makes sure that browsers only communicate over
	// https. It will only be set if the host matches the root domain.
	//
	// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
	StrictTransportSecurity string

	// XContentTypeOptions makes sure that browsers don't auto-guess the
	// Content-Type, preventing certain attacks.
	//
	// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
	XContentTypeOptions bool

	// ContentSecurityPolicy controls which JS and CSS resources can be run,
	// preventing XSS attacks
	//
	// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
	ContentSecurityPolicy map[string][]string

	// ContentSecurityPolicyReportOnly is like the CSP header, but only reports
	// violations and doesn't block anything, which is useful for testing new
	// policies.
	ContentSecurityPolicyReportOnly map[string][]string

	// ReferrerPolicy allows us to make sure we don't leak possibly sensitive
	// paths or query parameters to other sites.
	//
	// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
	ReferrerPolicy string
}
Config defines the config for Security middleware.
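How a config of this shape could map onto response headers, as an added example that is not the package's own code. The function headersFor, its rootDomain and host parameters, the exact-match reading of "matches the root domain", and the sorted CSP rendering are assumptions; Config here is a local copy of the documented fields without ContentSecurityPolicyReportOnly and ReferrerPolicy.

```go
package main

import (
	"fmt"
	"net/http"
	"sort"
	"strings"
)

// Config is a local copy of some documented fields, for this example only.
type Config struct {
	XFrameOptions           string
	StrictTransportSecurity string
	XContentTypeOptions     bool
	ContentSecurityPolicy   map[string][]string
}

// renderCSP sorts directives so the header is stable across map iteration.
func renderCSP(p map[string][]string) string {
	parts := make([]string, 0, len(p))
	for name, srcs := range p {
		parts = append(parts, strings.TrimSpace(name+" "+strings.Join(srcs, " ")))
	}
	sort.Strings(parts)
	return strings.Join(parts, "; ")
}

// headersFor is hypothetical; rootDomain and host are assumed parameters.
func headersFor(c Config, rootDomain, host string) http.Header {
	h := http.Header{}
	set := func(k, v string) {
		if v != "" {
			h.Set(k, v)
		}
	}
	set("X-Frame-Options", c.XFrameOptions)
	set("Content-Security-Policy", renderCSP(c.ContentSecurityPolicy))
	if c.XContentTypeOptions {
		set("X-Content-Type-Options", "nosniff")
	}
	if host == rootDomain { // HSTS only on the root domain, as documented
		set("Strict-Transport-Security", c.StrictTransportSecurity)
	}
	return h
}

func main() {
	fmt.Println(headersFor(Config{XFrameOptions: "SAMEORIGIN", XContentTypeOptions: true}, "example.com", "example.com"))
}
```

In a real handler the host would come from the request and may carry a port, which this exact comparison does not strip.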