authorization

package
v0.0.0-...-07e1512 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 9, 2020 License: BSD-2-Clause Imports: 11 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CSRFProtector

func CSRFProtector(allowedOrigins []string) func(http.Handler) http.Handler

CSRFProtector adds a CSRF protection middleware to the chain if the program is not running in development mode.

func CSRFTokenHeader

func CSRFTokenHeader(w http.ResponseWriter, r *http.Request)

CSRFTokenHeader writes masked CSRF token in a HTTP response header.

func ServerAuthorizer

func ServerAuthorizer(tc *tls.Config, allowedOrigins []string) func(http.Handler) http.Handler

ServerAuthorizer uses two models to authorize incoming requests:

  • if the request comes from a trusted client authenticated using mutual TLS, it is authorized.
  • if the request comes from a web browser (directly or via a single-page application), it is authorized only if it meets CORS middleware prerequisites (which depend on the development mode setting and the configuration of the application).
  • if none of the above methods authorized the request, it is denied.

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL