Documentation
¶
Index ¶
- func New(opts ...Option) app.HandlerFunc
- type Option
- func WithAllowedHosts(ss []string) Option
- func WithBadHostHandler(handler app.HandlerFunc) Option
- func WithBrowserXssFilter(b bool) Option
- func WithContentSecurityPolicy(s string) Option
- func WithContentTypeNosniff(b bool) Option
- func WithCustomFrameOptionsValue(s string) Option
- func WithDontRedirectIPV4Hostnames(b bool) Option
- func WithFeaturePolicy(s string) Option
- func WithFrameDeny(b bool) Option
- func WithIENoOpen(b bool) Option
- func WithIsDevelopment(b bool) Option
- func WithReferrerPolicy(s string) Option
- func WithSSLHost(s string) Option
- func WithSSLProxyHeaders(m map[string]string) Option
- func WithSSLRedirect(b bool) Option
- func WithSSLTemporaryRedirect(b bool) Option
- func WithSTSIncludeSubdomains(b bool) Option
- func WithSTSSecond(sec int64) Option
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func New ¶
func New(opts ...Option) app.HandlerFunc
New creates an instance of the secure middleware using the specified configuration. router.Use(secure.N)
Types ¶
type Option ¶
type Option func(o *options)
func WithAllowedHosts ¶
WithAllowedHosts is a list of fully qualified domain names that are allowed. Default is empty list, which allows any and all host names.
func WithBadHostHandler ¶
func WithBadHostHandler(handler app.HandlerFunc) Option
WithBadHostHandler use to when an error occurs (ie bad host).
func WithBrowserXssFilter ¶
WithBrowserXssFilter when BrowserXssFilter is true, adds the X-XSS-Protection header with the value `1; mode=block`. Default is false.
func WithContentSecurityPolicy ¶
WithContentSecurityPolicy allows the Content-Security-Policy header value to be set with a custom value. Default is "".
func WithContentTypeNosniff ¶
WithContentTypeNosniff when ContentTypeNosniff is true, adds the X-Content-Type-Options header with the value `nosniff`. Default is false.
func WithCustomFrameOptionsValue ¶
WithCustomFrameOptionsValue allows the X-Frame-Options header value to be set with a custom value. This overrides the FrameDeny option.
func WithDontRedirectIPV4Hostnames ¶
WithDontRedirectIPV4Hostnames when DontRedirectIPV4Hostnames is true, requests to hostnames that are IPV4 addresses aren't redirected. This is to allow load balancer health checks to succeed.
func WithFeaturePolicy ¶
WithFeaturePolicy is a new header that allows a site to control which features and APIs can be used in the browser.
func WithFrameDeny ¶
WithFrameDeny when FrameDeny is set to true, adds the X-Frame-Options header with the value of `DENY`. Default is false.
func WithIENoOpen ¶
WithIENoOpen prevents Internet Explorer from executing downloads in your site’s context
func WithIsDevelopment ¶
WithIsDevelopment when true, the whole security policy applied by the middleware is disabled completely.
func WithReferrerPolicy ¶
WithReferrerPolicy use to set HTTP header "Referrer-Policy" governs which referrer information, sent in the Referrer header,/should be included with requests made.
func WithSSLHost ¶
WithSSLHost is the host name that is used to redirect http requests to https. Default is "", which indicates to use the same host.
func WithSSLProxyHeaders ¶
WithSSLProxyHeaders If the request is insecure, treat it as secure if any of the headers in this dict are set to their corresponding value This is useful when your app is running behind a secure proxy that forwards requests to your app over http (such as on Heroku).
func WithSSLRedirect ¶
WithSSLRedirect when SSLRedirect is set to true, then only allow https requests. Default is false.
func WithSSLTemporaryRedirect ¶
WithSSLTemporaryRedirect when SSLTemporaryRedirect is true, the a 302 will be used while redirecting. Default is false (301).
func WithSTSIncludeSubdomains ¶
WithSTSIncludeSubdomains when STSIncludeSubdomains is set to true, the `includeSubdomains` will be appended to the Strict-Transport-Security header. Default is false.
func WithSTSSecond ¶
WithSTSSecond is the max-age of the Strict-Transport-Security header. Default is 0, which would NOT include the header.