Documentation ¶
Index ¶
- Constants
- type CSPDirective
- type CSPSource
- type ContentSecurityPolicy
- func (csp *ContentSecurityPolicy) Add(directive CSPDirective, sources ...CSPSource)
- func (csp *ContentSecurityPolicy) Empty() bool
- func (csp *ContentSecurityPolicy) Header(w http.ResponseWriter)
- func (csp *ContentSecurityPolicy) Remove(directives ...CSPDirective)
- func (csp *ContentSecurityPolicy) String() string
- type ExpectCT
- type ExpectCTDirective
- type FeaturePolicy
- type FeaturePolicyDirective
- type FeaturePolicyOrigin
- type HSTSDirective
- type Helmet
- type ReferrerPolicy
- type ReferrerPolicyDirective
- type StrictTransportSecurity
- type XContentTypeOptions
- type XDNSPrefetchControl
- type XDownloadOptions
- type XFrameOptions
- type XPermittedCrossDomainPolicies
- type XPoweredBy
- type XXSSProtection
- type XXSSProtectionDirective
Constants ¶
const HeaderContentSecurityPolicy = "Content-Security-Policy"
HeaderContentSecurityPolicy is the Content-Security-Policy HTTP security header.
const HeaderExpectCT = "Expect-CT"
HeaderExpectCT is the Expect-CT HTTP security header.
const HeaderFeaturePolicy = "Feature-Policy"
HeaderFeaturePolicy is the Feature-Policy HTTP security header.
const HeaderReferrerPolicy = "Referrer-Policy"
HeaderReferrerPolicy is the Referrer-Policy HTTP security header.
const HeaderStrictTransportSecurity = "Strict-Transport-Security"
HeaderStrictTransportSecurity is the Strict-Transport-Security HTTP security header.
const HeaderXContentTypeOptions = "X-Content-Type-Options"
HeaderXContentTypeOptions is the X-Content-Type-Options HTTP header.
const HeaderXDNSPrefetchControl = "X-DNS-Prefetch-Control"
HeaderXDNSPrefetchControl is the X-DNS-Prefetch-Control HTTP header.
const HeaderXDownloadOptions = "X-Download-Options"
HeaderXDownloadOptions is the X-Download-Options HTTP header.
const HeaderXFrameOptions = "X-Frame-Options"
HeaderXFrameOptions is the X-Frame-Options HTTP security header.
const HeaderXPermittedCrossDomainPolicies = "X-Permitted-Cross-Domain-Policies"
HeaderXPermittedCrossDomainPolicies is the X-Permitted-Cross-Domain-Policies HTTP security header.
const HeaderXPoweredBy = "X-Powered-By"
HeaderXPoweredBy is the X-Powered-By HTTP security header.
const HeaderXXSSProtection = "X-XSS-Protection"
HeaderXXSSProtection is the X-XSS-Protection HTTP security header.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CSPDirective ¶
type CSPDirective string
CSPDirective represents a Content-Security-Policy directive.
const ( DirectiveChildSrc CSPDirective = "child-src" DirectiveConnectSrc CSPDirective = "connect-src" DirectiveDefaultSrc CSPDirective = "default-src" DirectiveFontSrc CSPDirective = "font-src" DirectiveFrameSrc CSPDirective = "frame-src" DirectiveImgSrc CSPDirective = "img-src" DirectiveManifestSrc CSPDirective = "manifest-src" DirectiveMediaSrc CSPDirective = "media-src" DirectiveObjectSrc CSPDirective = "object-src" DirectivePrefetchSrc CSPDirective = "prefetch-src" DirectiveScriptSrc CSPDirective = "script-src" DirectiveScriptSrcAttr CSPDirective = "script-src-attr" DirectiveScriptSrcElem CSPDirective = "script-src-elem" DirectiveStyleSrc CSPDirective = "style-src" DirectiveStyleSrcAttr CSPDirective = "style-src-attr" DirectiveStyleSrcElem CSPDirective = "style-src-elem" DirectiveWorkerSrc CSPDirective = "worker-src" )
List of all Content-Security-Policy Fetch directives.
const ( DirectiveBaseURI CSPDirective = "base-uri" DirectiveSandbox CSPDirective = "sandbox" )
List of all Content-Security-Policy Document directives.
const ( DirectiveFormAction CSPDirective = "form-action" DirectiveFrameAncestors CSPDirective = "frame-ancestors" )
List of all Content-Security-Policy Navigation directives.
const ( DirectiveReportTo CSPDirective = "report-to" DeprecatedDirectiveReportURI CSPDirective = "report-uri" // use 'report-to' Content-Security-Policy directive instead )
List of all Content-Security-Policy Reporting directives.
const ( DirectiveRequireSriFor CSPDirective = "require-sri-for" DirectiveRequireTrustedTypesFor CSPDirective = "require-trusted-types-for" DirectiveTrustedTypes CSPDirective = "trusted-types" DirectiveUpgradeInsecureRequests CSPDirective = "upgrade-insecure-requests" )
List of all Content-Security-Policy Other directives.
const ( DeprecatedDirectiveBlockAllMixedContent CSPDirective = "block-all-mixed-content" DeprecatedDirectivePluginTypes CSPDirective = "plugin-types" DeprecatedDirectiveReferrer CSPDirective = "referrer" // use 'Referrer-Policy' HTTP header instead )
List of all Content-Security-Policy Deprecated directives.
type CSPSource ¶
type CSPSource string
CSPSource represents a Content-Security-Policy source.
const ( SourceWildcard CSPSource = "*" SourceNone CSPSource = "'none'" SourceSelf CSPSource = "'self'" SourceHTTP CSPSource = "http:" SourceHTTPS CSPSource = "https:" SourceData CSPSource = "data:" SourceMediastream CSPSource = "mediastream:" SourceBlob CSPSource = "blob:" SourceFilesystem CSPSource = "filesystem:" SourceUnsafeAllowRedirects CSPSource = "'unsafe-allow-redirects'" SourceUnsafeEval CSPSource = "'unsafe-eval'" SourceUnsafeHashes CSPSource = "'unsafe-hashes'" SourceUnsafeInline CSPSource = "'unsafe-inline'" SourceStrictDynamic CSPSource = "'strict-dynamic'" SourceReportSample CSPSource = "'report-sample'" )
List of all Content-Security-Policy sources.
const ( DeprecatedReferrerNone CSPSource = "\"none\"" DeprecatedReferrerNoReferrer CSPSource = "\"no-referrer\"" DeprecatedReferrerNoneWhenDowngrade CSPSource = "\"none-when-downgrade\"" DeprecatedReferrerOrigin CSPSource = "\"origin\"" DeprecatedReferrerOriginWhenCrossOrigin CSPSource = "\"origin-when-cross-origin\"" DeprecatedReferrerUnsafeURL CSPSource = "\"unsafe-url\"" )
List of all DeprecatedDirectiveReferrer values.
const ( SandboxAllowDownloads CSPSource = "allow-downloads" SandboxAllowDownloadsWithoutUserActivation CSPSource = "allow-downloads-without-user-activation" SandboxAllowForms CSPSource = "allow-forms" SandboxAllowModals CSPSource = "allow-modals" SandboxAllowOrientationLock CSPSource = "allow-orientation-lock" SandboxAllowPointerLock CSPSource = "allow-pointer-lock" SandboxAllowPopups CSPSource = "allow-popups" SandboxAllowPopupsToEscapeSandbox CSPSource = "allow-popups-to-escape-sandbox" SandboxAllowPresentation CSPSource = "allow-presentation" SandboxAllowSameOrigin CSPSource = "allow-same-origin" SandboxAllowScripts CSPSource = "allow-scripts" SandboxAllowStorageAccessByUserActivatation CSPSource = "allow-storage-access-by-user-activation" )
List of all DirectiveSandbox values.
const (
TrustedTypesAllowDuplicates CSPSource = "allow-duplicates"
)
List of all DirectiveTrustedTypes values.
type ContentSecurityPolicy ¶
type ContentSecurityPolicy struct {
// contains filtered or unexported fields
}
ContentSecurityPolicy represents the Content-Security-Policy HTTP security header.
func EmptyContentSecurityPolicy ¶
func EmptyContentSecurityPolicy() *ContentSecurityPolicy
EmptyContentSecurityPolicy creates a blank slate Content-Security-Policy.
func NewContentSecurityPolicy ¶
func NewContentSecurityPolicy(policies map[CSPDirective][]CSPSource) *ContentSecurityPolicy
NewContentSecurityPolicy creates a new Content-Security-Policy.
func (*ContentSecurityPolicy) Add ¶
func (csp *ContentSecurityPolicy) Add(directive CSPDirective, sources ...CSPSource)
Add adds a directive and its sources.
func (*ContentSecurityPolicy) Empty ¶
func (csp *ContentSecurityPolicy) Empty() bool
Empty returns whether the Content-Security-Policy is empty.
func (*ContentSecurityPolicy) Header ¶
func (csp *ContentSecurityPolicy) Header(w http.ResponseWriter)
Header adds the Content-Security-Policy HTTP security header to the given http.ResponseWriter.
func (*ContentSecurityPolicy) Remove ¶
func (csp *ContentSecurityPolicy) Remove(directives ...CSPDirective)
Remove removes a directive and its sources.
func (*ContentSecurityPolicy) String ¶
func (csp *ContentSecurityPolicy) String() string
String generates the Content-Security-Policy.
type ExpectCT ¶
type ExpectCT struct { MaxAge int // number of seconds that the browser should cache and apply the received policy for Enforce bool // controls whether the browser should enforce the policy or treat it as report-only mode ReportURI string // specifies where the browser should send reports if it does not receive valid CT information // contains filtered or unexported fields }
ExpectCT represents the Expect-CT HTTP security header.
func NewExpectCT ¶
NewExpectCT creates a new Expect-CT.
func (*ExpectCT) Header ¶
func (ect *ExpectCT) Header(w http.ResponseWriter)
Header adds the Expect-CT HTTP security header to the given http.ResponseWriter.
type ExpectCTDirective ¶
type ExpectCTDirective string
ExpectCTDirective represents an Expect-CT directive.
const DirectiveEnforce ExpectCTDirective = "enforce"
DirectiveEnforce is the Expect-CT Enforce directive.
func ExpectCTDirectiveMaxAge ¶
func ExpectCTDirectiveMaxAge(maxAge int) ExpectCTDirective
ExpectCTDirectiveMaxAge is the Expect-CT MaxAge directive.
func ExpectCTDirectiveReportURI ¶
func ExpectCTDirectiveReportURI(reportURI string) ExpectCTDirective
ExpectCTDirectiveReportURI is the Expect-CT ReportURI directive.
type FeaturePolicy ¶
type FeaturePolicy struct {
// contains filtered or unexported fields
}
FeaturePolicy represents the Feature-Policy HTTP security header.
func EmptyFeaturePolicy ¶
func EmptyFeaturePolicy() *FeaturePolicy
EmptyFeaturePolicy creates a blank slate Feature-Policy.
func NewFeaturePolicy ¶
func NewFeaturePolicy(policies map[FeaturePolicyDirective][]FeaturePolicyOrigin) *FeaturePolicy
NewFeaturePolicy creates a new Feature-Policy.
func (*FeaturePolicy) Add ¶
func (fp *FeaturePolicy) Add(directive FeaturePolicyDirective, origins ...FeaturePolicyOrigin)
Add adds a directive and its origins.
func (*FeaturePolicy) Empty ¶
func (fp *FeaturePolicy) Empty() bool
Empty returns whether the Feature-Policy is empty.
func (*FeaturePolicy) Header ¶
func (fp *FeaturePolicy) Header(w http.ResponseWriter)
Header adds the Feature-Policy HTTP security header to the given http.ResponseWriter.
func (*FeaturePolicy) Remove ¶
func (fp *FeaturePolicy) Remove(directives ...FeaturePolicyDirective)
Remove removes a directive and its origins.
func (*FeaturePolicy) String ¶
func (fp *FeaturePolicy) String() string
String generates the Feature-Policy.
type FeaturePolicyDirective ¶
type FeaturePolicyDirective string
FeaturePolicyDirective represents a Feature-Policy directive.
const ( DirectiveAccelerometer FeaturePolicyDirective = "accelerometer" DirectiveAmbientLightSensor FeaturePolicyDirective = "ambient-light-sensor" DirectiveAutoplay FeaturePolicyDirective = "autoplay" DirectiveBattery FeaturePolicyDirective = "battery" DirectiveCamera FeaturePolicyDirective = "camera" DirectiveDisplayCapture FeaturePolicyDirective = "display-capture" DirectiveDocumentDomain FeaturePolicyDirective = "document-domain" DirectiveEncryptedMedia FeaturePolicyDirective = "encrypted-media" DirectiveExecutionWhileNotRendered FeaturePolicyDirective = "execution-while-not-rendered" DirectiveExecutionWhileOutOfViewport FeaturePolicyDirective = "execution-while-out-of-viewport" DirectiveFullscreen FeaturePolicyDirective = "fullscreen" DirectiveGamepad FeaturePolicyDirective = "gamepad" DirectiveGeolocation FeaturePolicyDirective = "geolocation" DirectiveGyroscope FeaturePolicyDirective = "gyroscope" DirectiveMagnetometer FeaturePolicyDirective = "magnetometer" DirectiveMicrophone FeaturePolicyDirective = "microphone" DirectiveMidi FeaturePolicyDirective = "midi" DirectiveOversizedImages FeaturePolicyDirective = "oversized-images" DirectivePayment FeaturePolicyDirective = "payment" DirectivePictureInPicture FeaturePolicyDirective = "picture-in-picture" DirectivePublicKeyCredentialsGet FeaturePolicyDirective = "publickey-credentials-get" DirectiveSpeakerSelection FeaturePolicyDirective = "speaker-selection" DirectiveSyncXHR FeaturePolicyDirective = "sync-xhr" DirectiveUSB FeaturePolicyDirective = "usb" DirectiveScreenWakeLock FeaturePolicyDirective = "screen-wake-lock" DirectiveXRSpacialTracking FeaturePolicyDirective = "xr-spatial-tracking" )
List of all Feature-Policy directives.
const ( NonStandardDirectiveLayoutAnimations FeaturePolicyDirective = "layout-animations" NonStandardDirectiveLegacyImageFormats FeaturePolicyDirective = "legacy-image-formats" NonStandardDirectiveOversizedImages FeaturePolicyDirective = "oversized-images" NonStandardDirectiveUnoptimizedImages FeaturePolicyDirective = "unoptimized-images" NonStandardDirectiveUnsizedMedia FeaturePolicyDirective = "unsized-media" )
deprecated
type FeaturePolicyOrigin ¶
type FeaturePolicyOrigin string
FeaturePolicyOrigin represents a Feature-Policy origin.
const ( OriginWildcard FeaturePolicyOrigin = "*" OriginSelf FeaturePolicyOrigin = "'self'" OriginSrc FeaturePolicyOrigin = "'src'" OriginNone FeaturePolicyOrigin = "'none'" )
List of all Feature-Policy origins.
type HSTSDirective ¶
type HSTSDirective string
HSTSDirective represents a Strict-Transport-Security directive.
const ( DirectiveIncludeSubDomains HSTSDirective = "includeSubDomains" DirectivePreload HSTSDirective = "preload" )
List of all Strict-Transport-Security directives.
func HSTSDirectiveMaxAge ¶
func HSTSDirectiveMaxAge(maxAge int) HSTSDirective
HSTSDirectiveMaxAge is the Strict-Transport-Security MaxAge directive.
type Helmet ¶
type Helmet struct { ContentSecurityPolicy *ContentSecurityPolicy XContentTypeOptions XContentTypeOptions XDNSPrefetchControl XDNSPrefetchControl XDownloadOptions XDownloadOptions ExpectCT *ExpectCT FeaturePolicy *FeaturePolicy XFrameOptions XFrameOptions XPermittedCrossDomainPolicies XPermittedCrossDomainPolicies XPoweredBy *XPoweredBy ReferrerPolicy *ReferrerPolicy StrictTransportSecurity *StrictTransportSecurity XXSSProtection *XXSSProtection }
Helmet is a HTTP security middleware for Go(lang) inspired by HelmetJS for Express.js.
type ReferrerPolicy ¶
type ReferrerPolicy struct {
// contains filtered or unexported fields
}
ReferrerPolicy represents the Referrer-Policy HTTP security header.
func EmptyReferrerPolicy ¶
func EmptyReferrerPolicy() *ReferrerPolicy
EmptyReferrerPolicy creates a blank slate Referrer-Policy.
func NewReferrerPolicy ¶
func NewReferrerPolicy(directives ...ReferrerPolicyDirective) *ReferrerPolicy
NewReferrerPolicy creates a new Referrer-Policy.
func (*ReferrerPolicy) Empty ¶
func (rp *ReferrerPolicy) Empty() bool
Empty returns whether the Referrer-Policy is empty.
func (*ReferrerPolicy) Header ¶
func (rp *ReferrerPolicy) Header(w http.ResponseWriter)
Header adds the Referrer-Policy HTTP header to the given http.ResponseWriter.
func (*ReferrerPolicy) String ¶
func (rp *ReferrerPolicy) String() string
type ReferrerPolicyDirective ¶
type ReferrerPolicyDirective string
ReferrerPolicyDirective represents a Referrer-Policy directive.
const ( DirectiveNoReferrer ReferrerPolicyDirective = "no-referrer" DirectiveNoReferrerWhenDowngrade ReferrerPolicyDirective = "no-referrer-when-downgrade" DirectiveOrigin ReferrerPolicyDirective = "origin" DirectiveOriginWhenCrossOrigin ReferrerPolicyDirective = "origin-when-cross-origin" DirectiveSmaeOrigin ReferrerPolicyDirective = "same-origin" DirectiveStrictOrigin ReferrerPolicyDirective = "strict-origin" DirectiveStrictOriginWhenCrossOrigin ReferrerPolicyDirective = "strict-origin-when-cross-origin" DirectiveUnsafeURL ReferrerPolicyDirective = "unsafe-url" )
X-Frame-Options options.
type StrictTransportSecurity ¶
type StrictTransportSecurity struct { // The time, in seconds, that the browser should remember that a site is only to be accessed using HTTPS. MaxAge int // If this optional parameter is specified, this rule applies to all of the site's subdomains as well. IncludeSubDomains bool // After successfully submitting your domain to Google maintained HSTS preload service, browsers will never connect to your domain using an insecure connection. Preload bool // contains filtered or unexported fields }
StrictTransportSecurity represents the Strict-Transport-Security HTTP security header.
func EmptyStrictTransportSecurity ¶
func EmptyStrictTransportSecurity() *StrictTransportSecurity
EmptyStrictTransportSecurity creates a blank slate Strict-Transport-Security.
func NewStrictTransportSecurity ¶
func NewStrictTransportSecurity(maxAge int, includeSubDomains bool, preload bool) *StrictTransportSecurity
NewStrictTransportSecurity creates a new Strict-Transport-Security.
func (*StrictTransportSecurity) Empty ¶
func (hsts *StrictTransportSecurity) Empty() bool
Empty returns whether the Strict-Transport-Security is empty.
func (*StrictTransportSecurity) Header ¶
func (hsts *StrictTransportSecurity) Header(w http.ResponseWriter)
Header adds the Strict-Transport-Security HTTP security header to the given http.ResponseWriter.
func (*StrictTransportSecurity) String ¶
func (hsts *StrictTransportSecurity) String() string
type XContentTypeOptions ¶
type XContentTypeOptions string
XContentTypeOptions represents the X-Content-Type-Options HTTP security header.
const XContentTypeOptionsNoSniff XContentTypeOptions = "nosniff"
XContentTypeOptionsNoSniff represents the X-Content-Type-Options No Sniff option.
func (XContentTypeOptions) Empty ¶
func (xcto XContentTypeOptions) Empty() bool
Empty returns whether the X-Content-Type-Options is empty.
func (XContentTypeOptions) Header ¶
func (xcto XContentTypeOptions) Header(w http.ResponseWriter)
Header adds the X-Content-Type-Options HTTP security header to the given http.ResponseWriter.
func (XContentTypeOptions) String ¶
func (xcto XContentTypeOptions) String() string
type XDNSPrefetchControl ¶
type XDNSPrefetchControl string
XDNSPrefetchControl represents the X-DNS-Prefetch-Control HTTP security header.
const ( XDNSPrefetchControlOn XDNSPrefetchControl = "on" XDNSPrefetchControlOff XDNSPrefetchControl = "off" )
X-DNS-Prefetch-Control options.
func (XDNSPrefetchControl) Empty ¶
func (dns XDNSPrefetchControl) Empty() bool
Empty returns whether the X-DNS-Prefetch-Control is empty.
func (XDNSPrefetchControl) Header ¶
func (dns XDNSPrefetchControl) Header(w http.ResponseWriter)
Header adds the X-DNS-Prefetch-Control HTTP security header to the given http.ResponseWriter.
func (XDNSPrefetchControl) String ¶
func (dns XDNSPrefetchControl) String() string
type XDownloadOptions ¶
type XDownloadOptions string
XDownloadOptions represents the X-Download-Options HTTP security header.
const XDownloadOptionsNoOpen XDownloadOptions = "noopen"
XDownloadOptionsNoOpen represents the X-Download-Options No Open option.
func (XDownloadOptions) Empty ¶
func (xdo XDownloadOptions) Empty() bool
Empty returns whether the X-Download-Options is empty.
func (XDownloadOptions) Header ¶
func (xdo XDownloadOptions) Header(w http.ResponseWriter)
Header adds the X-Download-Options HTTP security header to the given http.ResponseWriter.
func (XDownloadOptions) String ¶
func (xdo XDownloadOptions) String() string
type XFrameOptions ¶
type XFrameOptions string
XFrameOptions represents the X-Frame-Options HTTP security header.
const ( XFrameOptionsDeny XFrameOptions = "DENY" XFrameOptionsSameOrigin XFrameOptions = "SAMEORIGIN" )
X-Frame-Options options.
func (XFrameOptions) Empty ¶
func (xfo XFrameOptions) Empty() bool
Empty returns whether the X-Frame-Options is empty.
func (XFrameOptions) Header ¶
func (xfo XFrameOptions) Header(w http.ResponseWriter)
Header adds the X-Frame-Options HTTP header to the given http.ResponseWriter.
func (XFrameOptions) String ¶
func (xfo XFrameOptions) String() string
type XPermittedCrossDomainPolicies ¶
type XPermittedCrossDomainPolicies string
XPermittedCrossDomainPolicies represents the X-Permitted-Cross-Domain-Policies HTTP security header.
const ( PermittedCrossDomainPoliciesNone XPermittedCrossDomainPolicies = "none" PermittedCrossDomainPoliciesMasterOnly XPermittedCrossDomainPolicies = "master-only" PermittedCrossDomainPoliciesByContentType XPermittedCrossDomainPolicies = "by-content-type" PermittedCrossDomainPoliciesByFTPFilename XPermittedCrossDomainPolicies = "by-ftp-filename" PermittedCrossDomainPoliciesAll XPermittedCrossDomainPolicies = "all" )
X-Permitted-Cross-Domain-Policies options.
func (XPermittedCrossDomainPolicies) Empty ¶
func (cdp XPermittedCrossDomainPolicies) Empty() bool
Empty returns whether the X-Permitted-Cross-Domain-Policies is empty.
func (XPermittedCrossDomainPolicies) Header ¶
func (cdp XPermittedCrossDomainPolicies) Header(w http.ResponseWriter)
Header adds the X-DNS-Prefetch-Control HTTP security header to the given http.ResponseWriter.
func (XPermittedCrossDomainPolicies) String ¶
func (cdp XPermittedCrossDomainPolicies) String() string
type XPoweredBy ¶
XPoweredBy represents the X-Powered-By HTTP security header.
func EmptyXPoweredBy ¶
func EmptyXPoweredBy() *XPoweredBy
EmptyXPoweredBy creates a blank slate XPoweredBy.
func NewXPoweredBy ¶
func NewXPoweredBy(hide bool, replacement string) *XPoweredBy
NewXPoweredBy creates a new XPoweredBy.
func (XPoweredBy) Empty ¶
func (xpb XPoweredBy) Empty() bool
Empty returns whether the X-Powered-By is empty.
func (XPoweredBy) Header ¶
func (xpb XPoweredBy) Header(w http.ResponseWriter)
Header adds the X-Powered-By HTTP security header to the given http.ResponseWriter.
type XXSSProtection ¶
type XXSSProtection struct { XSSFiltering bool Mode XXSSProtectionDirective ReportURI string // contains filtered or unexported fields }
XXSSProtection represents the X-XSS-Protection HTTP security header.
func EmptyXXSSProtection ¶
func EmptyXXSSProtection() *XXSSProtection
EmptyXXSSProtection creates a blank slate X-XSS-Protection.
func NewXXSSProtection ¶
func NewXXSSProtection(xssFiltering bool, mode XXSSProtectionDirective, reportURI string) *XXSSProtection
NewXXSSProtection creates a new X-XSS-Protection.
func (*XXSSProtection) Empty ¶
func (xssp *XXSSProtection) Empty() bool
Empty returns whether the X-XSS-Protection is empty.
func (*XXSSProtection) Header ¶
func (xssp *XXSSProtection) Header(w http.ResponseWriter)
Header adds the X-XSS-Protection HTTP security header to the given http.ResponseWriter.
func (*XXSSProtection) String ¶
func (xssp *XXSSProtection) String() string
type XXSSProtectionDirective ¶
type XXSSProtectionDirective string
XXSSProtectionDirective represents an X-XSS-Protection directive.
const DirectiveModeBlock XXSSProtectionDirective = "mode=block"
DirectiveModeBlock is the X-XSS-Protection mode=block directive.
func XXSSProtectionDirectiveReportURI ¶
func XXSSProtectionDirectiveReportURI(reportURI string) XXSSProtectionDirective
XXSSProtectionDirectiveReportURI is the X-XSS-Protection ReportURI directive.
func XXSSProtectionDirectiveXSSFiltering ¶
func XXSSProtectionDirectiveXSSFiltering(xssFiltering bool) XXSSProtectionDirective
XXSSProtectionDirectiveXSSFiltering is the X-XSS-Protection XSSFiltering directive.