Documentation
¶
Overview ¶
Package staticheaders provides a safehttp.Interceptor which sets security sensitive headers on every response.
X-Content-Type-Options: nosniff - tells browsers to not to sniff the Content-Type of responses (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options).
X-XSS-Protection: 0 - tells the browser to disable any built in XSS filters. These built in XSS filters are unnecessary when other, stronger, protections are available and can introduce cross-site leaks vulnerabilities (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection).
Usage ¶
Install an instance of Interceptor using safehttp.ServerMux.Install.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Interceptor ¶
type Interceptor struct{}
Interceptor claims and sets static headers on responses. The zero value is valid and ready to use.
func (Interceptor) Before ¶
func (Interceptor) Before(w safehttp.ResponseWriter, r *safehttp.IncomingRequest, _ safehttp.InterceptorConfig) safehttp.Result
Before claims and sets the following headers:
- X-Content-Type-Options: nosniff
- X-XSS-Protection: 0
func (Interceptor) Commit ¶
func (Interceptor) Commit(w safehttp.ResponseHeadersWriter, r *safehttp.IncomingRequest, resp safehttp.Response, _ safehttp.InterceptorConfig)
Commit is a no-op, required to satisfy the safehttp.Interceptor interface.
func (Interceptor) Match ¶
func (Interceptor) Match(safehttp.InterceptorConfig) bool
Match returns false since there are no supported configurations.
Source Files