Documentation
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
func BuildCSPHeader
BuildCSPHeader generates a Content-Security-Policy header value.
The returned policy includes the following directives:
- default-src 'self'
- script-src 'self' 'nonce-{nonce}' plus CDN origins for HTMX/Alpine
- style-src 'self' 'unsafe-inline' (required for Tailwind/inline styles)
- img-src 'self' data: https:
- connect-src 'self' (covers SSE and API fetch calls)
- font-src 'self' https:
- frame-src 'none'
- object-src 'none'
If AllowInline is set, 'unsafe-inline' is appended to script-src. This is discouraged in production but can be useful during development.
func GenerateNonce
func GenerateNonce() string
GenerateNonce creates a cryptographically secure random nonce for CSP. The nonce is a 16-byte random value encoded as unpadded base64.
Types
type CSPConfig
type CSPConfig struct {
	// Nonce is a cryptographically secure random value included in script-src
	// directives. Scripts must include a matching nonce attribute to execute.
	Nonce string
	// BasePath is the base path for the dashboard. Currently reserved for
	// future use in connect-src or frame-ancestors directives.
	BasePath string
	// AllowInline controls whether 'unsafe-inline' is added to script-src.
	// When false (default), only nonced scripts are permitted.
	AllowInline bool
}
CSPConfig configures the Content-Security-Policy header.
type CSRFManager
type CSRFManager struct {
	// contains filtered or unexported fields
}
CSRFManager handles CSRF token generation and validation. Tokens are produced as HMAC-SHA256(secret, timestamp) + "." + timestamp, where timestamp is the Unix epoch in seconds. Tokens older than one hour are rejected during validation.
func NewCSRFManager
func NewCSRFManager() *CSRFManager
NewCSRFManager creates a new CSRF manager with a cryptographically random secret.
func (*CSRFManager) GenerateToken
func (m *CSRFManager) GenerateToken() string
GenerateToken creates a new CSRF token. The token encodes the current timestamp and an HMAC signature so that it can be verified later without server-side storage.
Token format: hex(HMAC-SHA256(secret, timestamp)) + "." + timestamp
func (*CSRFManager) ValidateToken
func (m *CSRFManager) ValidateToken(token string) bool
ValidateToken validates a CSRF token. A token is valid when:
- It is well-formed (contains exactly one separator).
- The HMAC signature matches the recomputed value.
- The embedded timestamp is no older than csrfMaxAge (1 hour).
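The token scheme that GenerateToken and ValidateToken document, worked through as an added Go example; this is not the package's own code. As documented, the MAC covers only the timestamp, so a token is not tied to a particular session, and whether that is acceptable depends on how the dashboard issues and checks tokens, which this page does not describe. tokenManager, newTokenManager, tokenAt and validateAt are hypothetical names; they take an explicit time so the one-hour age check can be exercised deterministically.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"strconv"
	"strings"
	"time"
)

const csrfMaxAge = time.Hour // the one-hour limit stated in the docs

// tokenManager is a hypothetical stand-in for CSRFManager; its secret is drawn
// from crypto/rand, as NewCSRFManager is documented to do.
type tokenManager struct{ secret []byte }

func newTokenManager() *tokenManager {
	secret := make([]byte, 32)
	if _, err := rand.Read(secret); err != nil {
		panic(err)
	}
	return &tokenManager{secret: secret}
}

// mac returns hex(HMAC-SHA256(secret, timestamp)) over the decimal timestamp string.
func (m *tokenManager) mac(ts string) string {
	h := hmac.New(sha256.New, m.secret)
	h.Write([]byte(ts))
	return hex.EncodeToString(h.Sum(nil))
}

// tokenAt builds the documented "mac.timestamp" token; GenerateToken uses time.Now().
func (m *tokenManager) tokenAt(t time.Time) string {
	ts := strconv.FormatInt(t.Unix(), 10)
	return m.mac(ts) + "." + ts
}

// validateAt applies the three documented checks relative to now.
func (m *tokenManager) validateAt(token string, now time.Time) bool {
	parts := strings.Split(token, ".")
	if len(parts) != 2 { // well-formed: exactly one separator
		return false
	}
	// hmac.Equal is constant-time, so a forged MAC cannot be confirmed byte by byte.
	if !hmac.Equal([]byte(parts[0]), []byte(m.mac(parts[1]))) {
		return false
	}
	ts, err := strconv.ParseInt(parts[1], 10, 64)
	return err == nil && now.Sub(time.Unix(ts, 0)) <= csrfMaxAge // no older than csrfMaxAge
}
```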
type Sanitizer
type Sanitizer struct {
	// contains filtered or unexported fields
}
Sanitizer strips potentially dangerous HTML from remote fragments.
func NewSanitizer
func NewSanitizer() *Sanitizer
NewSanitizer creates a new HTML sanitizer. By default, data:image/ URLs are preserved while all other data: URLs are stripped.
func (*Sanitizer) SanitizeFragment
SanitizeFragment sanitizes an HTML fragment from a remote contributor. It removes script tags, event handlers, javascript: URLs, and other dangerous content. The sanitizer preserves data:image/ URLs by default while stripping all other data: scheme URLs.