secure

package
v0.5.4 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 28, 2024 License: Apache-2.0 Imports: 2 Imported by: 1

Documentation

Overview

Package secure is middleware that provides protection against cross-site scripting (XSS) attack, content type sniffing, clickjacking, insecure connection and other code injection attacks

Index

Constants

This section is empty.

Variables

View Source
var DefaultConfig = Config{
	Enabled:               true,
	Skipper:               middleware.DefaultSkipper,
	XSSProtection:         "1; mode=block",
	ContentTypeNosniff:    "nosniff",
	XFrameOptions:         "SAMEORIGIN",
	HSTSPreloadEnabled:    false,
	HSTSMaxAge:            31536000,
	ContentSecurityPolicy: "default-src 'self'",
	ReferrerPolicy:        "same-origin",
	CSPReportOnly:         false,
}

DefaultConfig struct is a populated config struct that can be referenced if the default konaf configurations are not available

Functions

func Secure

func Secure(conf *Config) echo.MiddlewareFunc

Secure returns a secure middleware with default unless overridden via the config

Types

type Config added in v0.3.6

type Config struct {
	// Enabled indicates if the secure middleware should be enabled
	Enabled bool `json:"enabled" koanf:"enabled" default:"true"`
	// Skipper defines a function to skip middleware
	Skipper middleware.Skipper `json:"-" koanf:"-"`
	// XSSProtection is the value to set the X-XSS-Protection header to - default is 1; mode=block
	XSSProtection string `json:"xssprotection" koanf:"xssprotection" default:"1; mode=block"`
	// ContentTypeNosniff is the value to set the X-Content-Type-Options header to - default is nosniff
	ContentTypeNosniff string `json:"contenttypenosniff" koanf:"contenttypenosniff" default:"nosniff"`
	// XFrameOptions is the value to set the X-Frame-Options header to - default is SAMEORIGIN
	XFrameOptions string `json:"xframeoptions" koanf:"xframeoptions" default:"SAMEORIGIN"`
	// HSTSPreloadEnabled is a boolean to enable HSTS preloading - default is false
	HSTSPreloadEnabled bool `json:"hstspreloadenabled" koanf:"hstspreloadenabled" default:"false"`
	// HSTSMaxAge is the max age to set the HSTS header to - default is 31536000
	HSTSMaxAge int `json:"hstsmaxage" koanf:"hstsmaxage" default:"31536000"`
	// ContentSecurityPolicy is the value to set the Content-Security-Policy header to - default is default-src 'self'
	ContentSecurityPolicy string `json:"contentsecuritypolicy" koanf:"contentsecuritypolicy" default:"default-src 'self'"`
	// ReferrerPolicy is the value to set the Referrer-Policy header to - default is same-origin
	ReferrerPolicy string `json:"referrerpolicy" koanf:"referrerpolicy" default:"same-origin"`
	// CSPReportOnly is a boolean to enable the Content-Security-Policy-Report-Only header - default is false
	CSPReportOnly bool `json:"cspreportonly" koanf:"cspreportonly" default:"false"`
}

Config contains the types used in the mw middleware

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL