secure

package

v0.5.2 Latest Latest Go to latest Published: May 17, 2024 License: Apache-2.0 Imports: 2 Imported by: 1

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/datumforge/datum

Links

Open Source Insights

Documentation ¶

Overview ¶

Package secure is middleware that provides protection against cross-site scripting (XSS) attack, content type sniffing, clickjacking, insecure connection and other code injection attacks

Index ¶

Variables
func Secure(conf *Config) echo.MiddlewareFunc
type Config

Constants ¶

This section is empty.

Variables ¶

View Source

var DefaultConfig = Config{
	Enabled:               true,
	Skipper:               middleware.DefaultSkipper,
	XSSProtection:         "1; mode=block",
	ContentTypeNosniff:    "nosniff",
	XFrameOptions:         "SAMEORIGIN",
	HSTSPreloadEnabled:    false,
	HSTSMaxAge:            31536000,
	ContentSecurityPolicy: "default-src 'self'",
	ReferrerPolicy:        "same-origin",
	CSPReportOnly:         false,
}

DefaultConfig struct is a populated config struct that can be referenced if the default konaf configurations are not available

Functions ¶

func Secure ¶

func Secure(conf *Config) echo.MiddlewareFunc

Secure returns a secure middleware with default unless overridden via the config

Types ¶

type Config ¶ added in v0.3.6

type Config struct {
	// Enabled indicates if the secure middleware should be enabled
	Enabled bool `json:"enabled" koanf:"enabled" default:"true"`
	// Skipper defines a function to skip middleware
	Skipper middleware.Skipper `json:"-" koanf:"-"`
	// XSSProtection is the value to set the X-XSS-Protection header to - default is 1; mode=block
	XSSProtection string `json:"xssprotection" koanf:"xssprotection" default:"1; mode=block"`
	// ContentTypeNosniff is the value to set the X-Content-Type-Options header to - default is nosniff
	ContentTypeNosniff string `json:"contenttypenosniff" koanf:"contenttypenosniff" default:"nosniff"`
	// XFrameOptions is the value to set the X-Frame-Options header to - default is SAMEORIGIN
	XFrameOptions string `json:"xframeoptions" koanf:"xframeoptions" default:"SAMEORIGIN"`
	// HSTSPreloadEnabled is a boolean to enable HSTS preloading - default is false
	HSTSPreloadEnabled bool `json:"hstspreloadenabled" koanf:"hstspreloadenabled" default:"false"`
	// HSTSMaxAge is the max age to set the HSTS header to - default is 31536000
	HSTSMaxAge int `json:"hstsmaxage" koanf:"hstsmaxage" default:"31536000"`
	// ContentSecurityPolicy is the value to set the Content-Security-Policy header to - default is default-src 'self'
	ContentSecurityPolicy string `json:"contentsecuritypolicy" koanf:"contentsecuritypolicy" default:"default-src 'self'"`
	// ReferrerPolicy is the value to set the Referrer-Policy header to - default is same-origin
	ReferrerPolicy string `json:"referrerpolicy" koanf:"referrerpolicy" default:"same-origin"`
	// CSPReportOnly is a boolean to enable the Content-Security-Policy-Report-Only header - default is false
	CSPReportOnly bool `json:"cspreportonly" koanf:"cspreportonly" default:"false"`
}

Config contains the types used in the mw middleware

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL