unsafeframing

package
v0.0.0-...-7bfb722 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 19, 2024 License: Apache-2.0 Imports: 1 Imported by: 0

Documentation

Overview

Package unsafeframing can be used to disable Framing protections on specific handler registration.

Usage of this package should require a security review.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Allow 

func Allow(reason string, reportOnly bool, hostnames ...string) internalunsafeframing.AllowList

Allow permits to specify a set of hostnames (with potential wildcards) that will be able to frame the site.

Wildcards must follow the CSP specification: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors.

If reportOnly is true the policy will be set to Report-Only, which provides not security benefit but can be used to detect potential breakages.

Please note that this option is only supported by browsers that support CSP: older browsers will end up allowing all origins to frame the site. See support table here: https://caniuse.com/mdn-http_headers_csp_content-security-policy_frame-ancestors.

func Disable 

func Disable(reason string, skipReports bool) internalunsafeframing.Disable

Disable turns framing protections to report-only where supported, otherwise turns them off. If skipReports is true, all protections will be turned completely off.

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.