headers

Documentation

Overview

Package headers provides utilities for setting various headers

Index

• Constants
• func DoNotCache(w http.ResponseWriter)
• func Funcs(funcs template.FuncMap, r *http.Request) template.FuncMap
• func SecurityHeaders(w http.ResponseWriter, r *http.Request) *http.Request
• func SecurityHeadersHandler(next http.Handler) http.Handler

Constants

const CspNonceCtxkey cspNonceCtxKey = "CspNonceCtxkey"

Functions

func DoNotCache

func DoNotCache(w http.ResponseWriter)

DoNotCache tells the browser to never cache the page being rendered. Performance will take a hit because the server must serve more requests, but sometimes it is vital that the data on a page stays fresh. Examples include the browser almost always displaying a cached result of the page when a user presses the back button, potentially displaying to the user stale data. Using DoNotCache will force the browser to request the server for a new page everytime, never caching it.

TL;DR use this for data-sensitive pages where data updates regularly and it is not acceptable to show outdated information.

func Funcs

func Funcs(funcs template.FuncMap, r *http.Request) template.FuncMap

func SecurityHeaders

func SecurityHeaders(w http.ResponseWriter, r *http.Request) *http.Request

SecurityHeaders sets headers related to security to every outgoing response. The most relevant policy you might be interested in is Content-Security-Policy, which whitelists URLs that the site is able to access js/css/images from. This means all CDNs that we are using (e.g. bootstrap, jquery, javascript/css libraries) must be explicitly mentioned here, or they will be blocked by the browser.

For more information about security related headers take a look at https://scotthelme.co.uk/introducing-securityheaders-io/

func SecurityHeadersHandler

func SecurityHeadersHandler(next http.Handler) http.Handler

SecurityHeadersHandler is a http.Handler middleware wrapper around SecurityHeaders.