Documentation ¶
Index ¶
- Constants
- Variables
- func AddTrailingSlash() echo.MiddlewareFunc
- func AddTrailingSlashWithConfig(config TrailingSlashConfig) echo.MiddlewareFunc
- func BasicAuth(fn BasicAuthValidator) echo.MiddlewareFunc
- func BasicAuthWithConfig(config BasicAuthConfig) echo.MiddlewareFunc
- func BodyLimit(limit string) echo.MiddlewareFunc
- func BodyLimitWithConfig(config BodyLimitConfig) echo.MiddlewareFunc
- func CORS() echo.MiddlewareFunc
- func CORSWithConfig(config CORSConfig) echo.MiddlewareFunc
- func CSRF() echo.MiddlewareFunc
- func CSRFWithConfig(config CSRFConfig) echo.MiddlewareFunc
- func DefaultSkipper(echo.Context) bool
- func Gzip() echo.MiddlewareFunc
- func GzipWithConfig(config GzipConfig) echo.MiddlewareFunc
- func HTTPSNonWWWRedirect() echo.MiddlewareFunc
- func HTTPSNonWWWRedirectWithConfig(config RedirectConfig) echo.MiddlewareFunc
- func HTTPSRedirect() echo.MiddlewareFunc
- func HTTPSRedirectWithConfig(config RedirectConfig) echo.MiddlewareFunc
- func HTTPSWWWRedirect() echo.MiddlewareFunc
- func HTTPSWWWRedirectWithConfig(config RedirectConfig) echo.MiddlewareFunc
- func JWT(key []byte) echo.MiddlewareFunc
- func JWTWithConfig(config JWTConfig) echo.MiddlewareFunc
- func KeyAuth(fn KeyAuthValidator) echo.MiddlewareFunc
- func KeyAuthWithConfig(config KeyAuthConfig) echo.MiddlewareFunc
- func Logger() echo.MiddlewareFunc
- func LoggerWithConfig(config LoggerConfig) echo.MiddlewareFunc
- func MethodOverride() echo.MiddlewareFunc
- func MethodOverrideWithConfig(config MethodOverrideConfig) echo.MiddlewareFunc
- func NonWWWRedirect() echo.MiddlewareFunc
- func NonWWWRedirectWithConfig(config RedirectConfig) echo.MiddlewareFunc
- func Recover() echo.MiddlewareFunc
- func RecoverWithConfig(config RecoverConfig) echo.MiddlewareFunc
- func RemoveTrailingSlash() echo.MiddlewareFunc
- func RemoveTrailingSlashWithConfig(config TrailingSlashConfig) echo.MiddlewareFunc
- func RequestID() echo.MiddlewareFunc
- func RequestIDWithConfig(config RequestIDConfig) echo.MiddlewareFunc
- func Secure() echo.MiddlewareFunc
- func SecureWithConfig(config SecureConfig) echo.MiddlewareFunc
- func Static(root string) echo.MiddlewareFunc
- func StaticWithConfig(config StaticConfig) echo.MiddlewareFunc
- func WWWRedirect() echo.MiddlewareFunc
- func WWWRedirectWithConfig(config RedirectConfig) echo.MiddlewareFunc
- type BasicAuthConfig
- type BasicAuthValidator
- type BodyLimitConfig
- type CORSConfig
- type CSRFConfig
- type GzipConfig
- type JWTConfig
- type KeyAuthConfig
- type KeyAuthValidator
- type LoggerConfig
- type MethodOverrideConfig
- type MethodOverrideGetter
- type RecoverConfig
- type RedirectConfig
- type RequestIDConfig
- type SecureConfig
- type Skipper
- type StaticConfig
- type TrailingSlashConfig
Constants ¶
const (
AlgorithmHS256 = "HS256"
)
Algorithms
Variables ¶
var ( // DefaultBasicAuthConfig is the default BasicAuth middleware config. DefaultBasicAuthConfig = BasicAuthConfig{ Skipper: DefaultSkipper, Realm: defaultRealm, } )
var ( // DefaultBodyLimitConfig is the default Gzip middleware config. DefaultBodyLimitConfig = BodyLimitConfig{ Skipper: DefaultSkipper, } )
var ( // DefaultCORSConfig is the default CORS middleware config. DefaultCORSConfig = CORSConfig{ Skipper: DefaultSkipper, AllowOrigins: []string{"*"}, AllowMethods: []string{echo.GET, echo.HEAD, echo.PUT, echo.PATCH, echo.POST, echo.DELETE}, } )
var ( // DefaultCSRFConfig is the default CSRF middleware config. DefaultCSRFConfig = CSRFConfig{ Skipper: DefaultSkipper, TokenLength: 32, TokenLookup: "header:" + echo.HeaderXCSRFToken, ContextKey: "csrf", CookieName: "_csrf", CookieMaxAge: 86400, } )
var ( // DefaultGzipConfig is the default Gzip middleware config. DefaultGzipConfig = GzipConfig{ Skipper: DefaultSkipper, Level: -1, } )
var ( // DefaultJWTConfig is the default JWT auth middleware config. DefaultJWTConfig = JWTConfig{ Skipper: DefaultSkipper, SigningMethod: AlgorithmHS256, ContextKey: "user", TokenLookup: "header:" + echo.HeaderAuthorization, AuthScheme: "Bearer", Claims: jwt.MapClaims{}, } )
var ( // DefaultKeyAuthConfig is the default KeyAuth middleware config. DefaultKeyAuthConfig = KeyAuthConfig{ Skipper: DefaultSkipper, KeyLookup: "header:" + echo.HeaderAuthorization, AuthScheme: "Bearer", } )
var ( // DefaultLoggerConfig is the default Logger middleware config. DefaultLoggerConfig = LoggerConfig{ Skipper: DefaultSkipper, Format: `{"time":"${time_rfc3339_nano}","id":"${id}","remote_ip":"${remote_ip}","host":"${host}",` + `"method":"${method}","uri":"${uri}","status":${status}, "latency":${latency},` + `"latency_human":"${latency_human}","bytes_in":${bytes_in},` + `"bytes_out":${bytes_out}}` + "\n", Output: os.Stdout, // contains filtered or unexported fields } )
var ( // DefaultMethodOverrideConfig is the default MethodOverride middleware config. DefaultMethodOverrideConfig = MethodOverrideConfig{ Skipper: DefaultSkipper, Getter: MethodFromHeader(echo.HeaderXHTTPMethodOverride), } )
var ( // DefaultRecoverConfig is the default Recover middleware config. DefaultRecoverConfig = RecoverConfig{ Skipper: DefaultSkipper, StackSize: 4 << 10, DisableStackAll: false, DisablePrintStack: false, } )
var ( // DefaultRedirectConfig is the default Redirect middleware config. DefaultRedirectConfig = RedirectConfig{ Skipper: DefaultSkipper, Code: http.StatusMovedPermanently, } )
var ( // DefaultRequestIDConfig is the default RequestID middleware config. DefaultRequestIDConfig = RequestIDConfig{ Skipper: DefaultSkipper, Generator: generator, } )
var ( // DefaultSecureConfig is the default Secure middleware config. DefaultSecureConfig = SecureConfig{ Skipper: DefaultSkipper, XSSProtection: "1; mode=block", ContentTypeNosniff: "nosniff", XFrameOptions: "SAMEORIGIN", } )
var ( // DefaultStaticConfig is the default Static middleware config. DefaultStaticConfig = StaticConfig{ Skipper: DefaultSkipper, Index: "index.html", } )
var ( // DefaultTrailingSlashConfig is the default TrailingSlash middleware config. DefaultTrailingSlashConfig = TrailingSlashConfig{ Skipper: DefaultSkipper, } )
Functions ¶
func AddTrailingSlash ¶
func AddTrailingSlash() echo.MiddlewareFunc
AddTrailingSlash returns a root level (before router) middleware which adds a trailing slash to the request `URL#Path`.
Usage `Echo#Pre(AddTrailingSlash())`
func AddTrailingSlashWithConfig ¶
func AddTrailingSlashWithConfig(config TrailingSlashConfig) echo.MiddlewareFunc
AddTrailingSlashWithConfig returns a AddTrailingSlash middleware with config. See `AddTrailingSlash()`.
func BasicAuth ¶
func BasicAuth(fn BasicAuthValidator) echo.MiddlewareFunc
BasicAuth returns an BasicAuth middleware.
For valid credentials it calls the next handler. For missing or invalid credentials, it sends "401 - Unauthorized" response.
func BasicAuthWithConfig ¶
func BasicAuthWithConfig(config BasicAuthConfig) echo.MiddlewareFunc
BasicAuthWithConfig returns an BasicAuth middleware with config. See `BasicAuth()`.
func BodyLimit ¶
func BodyLimit(limit string) echo.MiddlewareFunc
BodyLimit returns a BodyLimit middleware.
BodyLimit middleware sets the maximum allowed size for a request body, if the size exceeds the configured limit, it sends "413 - Request Entity Too Large" response. The BodyLimit is determined based on both `Content-Length` request header and actual content read, which makes it super secure. Limit can be specified as `4x` or `4xB`, where x is one of the multiple from K, M, G, T or P.
func BodyLimitWithConfig ¶
func BodyLimitWithConfig(config BodyLimitConfig) echo.MiddlewareFunc
BodyLimitWithConfig returns a BodyLimit middleware with config. See: `BodyLimit()`.
func CORS ¶
func CORS() echo.MiddlewareFunc
CORS returns a Cross-Origin Resource Sharing (CORS) middleware. See: https://developer.mozilla.org/en/docs/Web/HTTP/Access_control_CORS
func CORSWithConfig ¶
func CORSWithConfig(config CORSConfig) echo.MiddlewareFunc
CORSWithConfig returns a CORS middleware with config. See: `CORS()`.
func CSRF ¶
func CSRF() echo.MiddlewareFunc
CSRF returns a Cross-Site Request Forgery (CSRF) middleware. See: https://en.wikipedia.org/wiki/Cross-site_request_forgery
func CSRFWithConfig ¶
func CSRFWithConfig(config CSRFConfig) echo.MiddlewareFunc
CSRFWithConfig returns a CSRF middleware with config. See `CSRF()`.
func DefaultSkipper ¶
DefaultSkipper returns false which processes the middleware.
func Gzip ¶ added in v0.0.13
func Gzip() echo.MiddlewareFunc
Gzip returns a middleware which compresses HTTP response using gzip compression scheme.
func GzipWithConfig ¶
func GzipWithConfig(config GzipConfig) echo.MiddlewareFunc
GzipWithConfig return Gzip middleware with config. See: `Gzip()`.
func HTTPSNonWWWRedirect ¶
func HTTPSNonWWWRedirect() echo.MiddlewareFunc
HTTPSNonWWWRedirect redirects http requests to https non www. For example, http://www.labstack.com will be redirect to https://labstack.com.
Usage `Echo#Pre(HTTPSNonWWWRedirect())`
func HTTPSNonWWWRedirectWithConfig ¶
func HTTPSNonWWWRedirectWithConfig(config RedirectConfig) echo.MiddlewareFunc
HTTPSNonWWWRedirectWithConfig returns an HTTPSRedirect middleware with config. See `HTTPSNonWWWRedirect()`.
func HTTPSRedirect ¶
func HTTPSRedirect() echo.MiddlewareFunc
HTTPSRedirect redirects http requests to https. For example, http://labstack.com will be redirect to https://labstack.com.
Usage `Echo#Pre(HTTPSRedirect())`
func HTTPSRedirectWithConfig ¶
func HTTPSRedirectWithConfig(config RedirectConfig) echo.MiddlewareFunc
HTTPSRedirectWithConfig returns an HTTPSRedirect middleware with config. See `HTTPSRedirect()`.
func HTTPSWWWRedirect ¶
func HTTPSWWWRedirect() echo.MiddlewareFunc
HTTPSWWWRedirect redirects http requests to https www. For example, http://labstack.com will be redirect to https://www.labstack.com.
Usage `Echo#Pre(HTTPSWWWRedirect())`
func HTTPSWWWRedirectWithConfig ¶
func HTTPSWWWRedirectWithConfig(config RedirectConfig) echo.MiddlewareFunc
HTTPSWWWRedirectWithConfig returns an HTTPSRedirect middleware with config. See `HTTPSWWWRedirect()`.
func JWT ¶
func JWT(key []byte) echo.MiddlewareFunc
JWT returns a JSON Web Token (JWT) auth middleware.
For valid token, it sets the user in context and calls next handler. For invalid token, it returns "401 - Unauthorized" error. For missing token, it returns "400 - Bad Request" error.
See: https://jwt.io/introduction See `JWTConfig.TokenLookup`
func JWTWithConfig ¶
func JWTWithConfig(config JWTConfig) echo.MiddlewareFunc
JWTWithConfig returns a JWT auth middleware with config. See: `JWT()`.
func KeyAuth ¶
func KeyAuth(fn KeyAuthValidator) echo.MiddlewareFunc
KeyAuth returns an KeyAuth middleware.
For valid key it calls the next handler. For invalid key, it sends "401 - Unauthorized" response. For missing key, it sends "400 - Bad Request" response.
func KeyAuthWithConfig ¶
func KeyAuthWithConfig(config KeyAuthConfig) echo.MiddlewareFunc
KeyAuthWithConfig returns an KeyAuth middleware with config. See `KeyAuth()`.
func Logger ¶
func Logger() echo.MiddlewareFunc
Logger returns a middleware that logs HTTP requests.
func LoggerWithConfig ¶
func LoggerWithConfig(config LoggerConfig) echo.MiddlewareFunc
LoggerWithConfig returns a Logger middleware with config. See: `Logger()`.
func MethodOverride ¶
func MethodOverride() echo.MiddlewareFunc
MethodOverride returns a MethodOverride middleware. MethodOverride middleware checks for the overridden method from the request and uses it instead of the original method.
For security reasons, only `POST` method can be overridden.
func MethodOverrideWithConfig ¶
func MethodOverrideWithConfig(config MethodOverrideConfig) echo.MiddlewareFunc
MethodOverrideWithConfig returns a MethodOverride middleware with config. See: `MethodOverride()`.
func NonWWWRedirect ¶
func NonWWWRedirect() echo.MiddlewareFunc
NonWWWRedirect redirects www requests to non www. For example, http://www.labstack.com will be redirect to http://labstack.com.
Usage `Echo#Pre(NonWWWRedirect())`
func NonWWWRedirectWithConfig ¶
func NonWWWRedirectWithConfig(config RedirectConfig) echo.MiddlewareFunc
NonWWWRedirectWithConfig returns an HTTPSRedirect middleware with config. See `NonWWWRedirect()`.
func Recover ¶ added in v0.0.13
func Recover() echo.MiddlewareFunc
Recover returns a middleware which recovers from panics anywhere in the chain and handles the control to the centralized HTTPErrorHandler.
func RecoverWithConfig ¶
func RecoverWithConfig(config RecoverConfig) echo.MiddlewareFunc
RecoverWithConfig returns a Recover middleware with config. See: `Recover()`.
func RemoveTrailingSlash ¶
func RemoveTrailingSlash() echo.MiddlewareFunc
RemoveTrailingSlash returns a root level (before router) middleware which removes a trailing slash from the request URI.
Usage `Echo#Pre(RemoveTrailingSlash())`
func RemoveTrailingSlashWithConfig ¶
func RemoveTrailingSlashWithConfig(config TrailingSlashConfig) echo.MiddlewareFunc
RemoveTrailingSlashWithConfig returns a RemoveTrailingSlash middleware with config. See `RemoveTrailingSlash()`.
func RequestIDWithConfig ¶
func RequestIDWithConfig(config RequestIDConfig) echo.MiddlewareFunc
RequestIDWithConfig returns a X-Request-ID middleware with config.
func Secure ¶
func Secure() echo.MiddlewareFunc
Secure returns a Secure middleware. Secure middleware provides protection against cross-site scripting (XSS) attack, content type sniffing, clickjacking, insecure connection and other code injection attacks.
func SecureWithConfig ¶
func SecureWithConfig(config SecureConfig) echo.MiddlewareFunc
SecureWithConfig returns a Secure middleware with config. See: `Secure()`.
func Static ¶
func Static(root string) echo.MiddlewareFunc
Static returns a Static middleware to serves static content from the provided root directory.
func StaticWithConfig ¶
func StaticWithConfig(config StaticConfig) echo.MiddlewareFunc
StaticWithConfig returns a Static middleware with config. See `Static()`.
func WWWRedirect ¶
func WWWRedirect() echo.MiddlewareFunc
WWWRedirect redirects non www requests to www. For example, http://labstack.com will be redirect to http://www.labstack.com.
Usage `Echo#Pre(WWWRedirect())`
func WWWRedirectWithConfig ¶
func WWWRedirectWithConfig(config RedirectConfig) echo.MiddlewareFunc
WWWRedirectWithConfig returns an HTTPSRedirect middleware with config. See `WWWRedirect()`.
Types ¶
type BasicAuthConfig ¶
type BasicAuthConfig struct { // Skipper defines a function to skip middleware. Skipper Skipper // Validator is a function to validate BasicAuth credentials. // Required. Validator BasicAuthValidator // Realm is a string to define realm attribute of BasicAuth. // Default value "Restricted". Realm string }
BasicAuthConfig defines the config for BasicAuth middleware.
type BasicAuthValidator ¶
BasicAuthValidator defines a function to validate BasicAuth credentials.
type BodyLimitConfig ¶
type BodyLimitConfig struct { // Skipper defines a function to skip middleware. Skipper Skipper // Maximum allowed size for a request body, it can be specified // as `4x` or `4xB`, where x is one of the multiple from K, M, G, T or P. Limit string `json:"limit"` // contains filtered or unexported fields }
BodyLimitConfig defines the config for BodyLimit middleware.
type CORSConfig ¶
type CORSConfig struct { // Skipper defines a function to skip middleware. Skipper Skipper // AllowOrigin defines a list of origins that may access the resource. // Optional. Default value []string{"*"}. AllowOrigins []string `json:"allow_origins"` // AllowMethods defines a list methods allowed when accessing the resource. // This is used in response to a preflight request. // Optional. Default value DefaultCORSConfig.AllowMethods. AllowMethods []string `json:"allow_methods"` // AllowHeaders defines a list of request headers that can be used when // making the actual request. This in response to a preflight request. // Optional. Default value []string{}. AllowHeaders []string `json:"allow_headers"` // AllowCredentials indicates whether or not the response to the request // can be exposed when the credentials flag is true. When used as part of // a response to a preflight request, this indicates whether or not the // actual request can be made using credentials. // Optional. Default value false. AllowCredentials bool `json:"allow_credentials"` // ExposeHeaders defines a whitelist headers that clients are allowed to // access. // Optional. Default value []string{}. ExposeHeaders []string `json:"expose_headers"` // MaxAge indicates how long (in seconds) the results of a preflight request // can be cached. // Optional. Default value 0. MaxAge int `json:"max_age"` }
CORSConfig defines the config for CORS middleware.
type CSRFConfig ¶
type CSRFConfig struct { // Skipper defines a function to skip middleware. Skipper Skipper // TokenLength is the length of the generated token. TokenLength uint8 `json:"token_length"` // TokenLookup is a string in the form of "<source>:<key>" that is used // to extract token from the request. // Optional. Default value "header:X-CSRF-Token". // Possible values: // - "header:<name>" // - "form:<name>" // - "query:<name>" TokenLookup string `json:"token_lookup"` // Context key to store generated CSRF token into context. // Optional. Default value "csrf". ContextKey string `json:"context_key"` // Name of the CSRF cookie. This cookie will store CSRF token. // Optional. Default value "csrf". CookieName string `json:"cookie_name"` // Domain of the CSRF cookie. // Optional. Default value none. CookieDomain string `json:"cookie_domain"` // Path of the CSRF cookie. // Optional. Default value none. CookiePath string `json:"cookie_path"` // Max age (in seconds) of the CSRF cookie. // Optional. Default value 86400 (24hr). CookieMaxAge int `json:"cookie_max_age"` // Indicates if CSRF cookie is secure. // Optional. Default value false. CookieSecure bool `json:"cookie_secure"` // Indicates if CSRF cookie is HTTP only. // Optional. Default value false. CookieHTTPOnly bool `json:"cookie_http_only"` }
CSRFConfig defines the config for CSRF middleware.
type GzipConfig ¶
type GzipConfig struct { // Skipper defines a function to skip middleware. Skipper Skipper // Gzip compression level. // Optional. Default value -1. Level int `json:"level"` }
GzipConfig defines the config for Gzip middleware.
type JWTConfig ¶
type JWTConfig struct { // Skipper defines a function to skip middleware. Skipper Skipper // Signing key to validate token. // Required. SigningKey interface{} // Signing method, used to check token signing method. // Optional. Default value HS256. SigningMethod string // Context key to store user information from the token into context. // Optional. Default value "user". ContextKey string // Claims are extendable claims data defining token content. // Optional. Default value jwt.MapClaims Claims jwt.Claims // TokenLookup is a string in the form of "<source>:<name>" that is used // to extract token from the request. // Optional. Default value "header:Authorization". // Possible values: // - "header:<name>" // - "query:<name>" // - "cookie:<name>" TokenLookup string // AuthScheme to be used in the Authorization header. // Optional. Default value "Bearer". AuthScheme string // contains filtered or unexported fields }
JWTConfig defines the config for JWT middleware.
type KeyAuthConfig ¶
type KeyAuthConfig struct { // Skipper defines a function to skip middleware. Skipper Skipper // KeyLookup is a string in the form of "<source>:<name>" that is used // to extract key from the request. // Optional. Default value "header:Authorization". // Possible values: // - "header:<name>" // - "query:<name>" KeyLookup string `json:"key_lookup"` // AuthScheme to be used in the Authorization header. // Optional. Default value "Bearer". AuthScheme string // Validator is a function to validate key. // Required. Validator KeyAuthValidator }
KeyAuthConfig defines the config for KeyAuth middleware.
type KeyAuthValidator ¶
KeyAuthValidator defines a function to validate KeyAuth credentials.
type LoggerConfig ¶
type LoggerConfig struct { // Skipper defines a function to skip middleware. Skipper Skipper // Tags to constructed the logger format. // // - time_unix // - time_unix_nano // - time_rfc3339 // - time_rfc3339_nano // - id (Request ID) // - remote_ip // - uri // - host // - method // - path // - referer // - user_agent // - status // - latency (In nanoseconds) // - latency_human (Human readable) // - bytes_in (Bytes received) // - bytes_out (Bytes sent) // - header:<NAME> // - query:<NAME> // - form:<NAME> // // Example "${remote_ip} ${status}" // // Optional. Default value DefaultLoggerConfig.Format. Format string `json:"format"` // Output is a writer where logs in JSON format are written. // Optional. Default value os.Stdout. Output io.Writer // contains filtered or unexported fields }
LoggerConfig defines the config for Logger middleware.
type MethodOverrideConfig ¶
type MethodOverrideConfig struct { // Skipper defines a function to skip middleware. Skipper Skipper // Getter is a function that gets overridden method from the request. // Optional. Default values MethodFromHeader(echo.HeaderXHTTPMethodOverride). Getter MethodOverrideGetter }
MethodOverrideConfig defines the config for MethodOverride middleware.
type MethodOverrideGetter ¶
MethodOverrideGetter is a function that gets overridden method from the request
func MethodFromForm ¶
func MethodFromForm(param string) MethodOverrideGetter
MethodFromForm is a `MethodOverrideGetter` that gets overridden method from the form parameter.
func MethodFromHeader ¶
func MethodFromHeader(header string) MethodOverrideGetter
MethodFromHeader is a `MethodOverrideGetter` that gets overridden method from the request header.
func MethodFromQuery ¶
func MethodFromQuery(param string) MethodOverrideGetter
MethodFromQuery is a `MethodOverrideGetter` that gets overridden method from the query parameter.
type RecoverConfig ¶
type RecoverConfig struct { // Skipper defines a function to skip middleware. Skipper Skipper // Size of the stack to be printed. // Optional. Default value 4KB. StackSize int `json:"stack_size"` // DisableStackAll disables formatting stack traces of all other goroutines // into buffer after the trace for the current goroutine. // Optional. Default value false. DisableStackAll bool `json:"disable_stack_all"` // DisablePrintStack disables printing stack trace. // Optional. Default value as false. DisablePrintStack bool `json:"disable_print_stack"` }
RecoverConfig defines the config for Recover middleware.
type RedirectConfig ¶
type RedirectConfig struct { // Skipper defines a function to skip middleware. Skipper Skipper // Status code to be used when redirecting the request. // Optional. Default value http.StatusMovedPermanently. Code int `json:"code"` }
RedirectConfig defines the config for Redirect middleware.
type RequestIDConfig ¶
type RequestIDConfig struct { // Skipper defines a function to skip middleware. Skipper Skipper // Generator defines a function to generate an ID. // Optional. Default value random.String(32). Generator func() string }
RequestIDConfig defines the config for RequestID middleware.
type SecureConfig ¶
type SecureConfig struct { // Skipper defines a function to skip middleware. Skipper Skipper // XSSProtection provides protection against cross-site scripting attack (XSS) // by setting the `X-XSS-Protection` header. // Optional. Default value "1; mode=block". XSSProtection string `json:"xss_protection"` // ContentTypeNosniff provides protection against overriding Content-Type // header by setting the `X-Content-Type-Options` header. // Optional. Default value "nosniff". ContentTypeNosniff string `json:"content_type_nosniff"` // XFrameOptions can be used to indicate whether or not a browser should // be allowed to render a page in a <frame>, <iframe> or <object> . // Sites can use this to avoid clickjacking attacks, by ensuring that their // content is not embedded into other sites.provides protection against // clickjacking. // Optional. Default value "SAMEORIGIN". // Possible values: // - "SAMEORIGIN" - The page can only be displayed in a frame on the same origin as the page itself. // - "DENY" - The page cannot be displayed in a frame, regardless of the site attempting to do so. // - "ALLOW-FROM uri" - The page can only be displayed in a frame on the specified origin. XFrameOptions string `json:"x_frame_options"` // HSTSMaxAge sets the `Strict-Transport-Security` header to indicate how // long (in seconds) browsers should remember that this site is only to // be accessed using HTTPS. This reduces your exposure to some SSL-stripping // man-in-the-middle (MITM) attacks. // Optional. Default value 0. HSTSMaxAge int `json:"hsts_max_age"` // HSTSExcludeSubdomains won't include subdomains tag in the `Strict Transport Security` // header, excluding all subdomains from security policy. It has no effect // unless HSTSMaxAge is set to a non-zero value. // Optional. Default value false. HSTSExcludeSubdomains bool `json:"hsts_exclude_subdomains"` // ContentSecurityPolicy sets the `Content-Security-Policy` header providing // security against cross-site scripting (XSS), clickjacking and other code // injection attacks resulting from execution of malicious content in the // trusted web page context. // Optional. Default value "". ContentSecurityPolicy string `json:"content_security_policy"` }
SecureConfig defines the config for Secure middleware.
type Skipper ¶
Skipper defines a function to skip middleware. Returning true skips processing the middleware.
type StaticConfig ¶
type StaticConfig struct { // Skipper defines a function to skip middleware. Skipper Skipper // Root directory from where the static content is served. // Required. Root string `json:"root"` // Index file for serving a directory. // Optional. Default value "index.html". Index string `json:"index"` // Enable HTML5 mode by forwarding all not-found requests to root so that // SPA (single-page application) can handle the routing. // Optional. Default value false. HTML5 bool `json:"html5"` // Enable directory browsing. // Optional. Default value false. Browse bool `json:"browse"` }
StaticConfig defines the config for Static middleware.
type TrailingSlashConfig ¶
type TrailingSlashConfig struct { // Skipper defines a function to skip middleware. Skipper Skipper // Status code to be used when redirecting the request. // Optional, but when provided the request is redirected using this code. RedirectCode int `json:"redirect_code"` }
TrailingSlashConfig defines the config for TrailingSlash middleware.