Documentation
¶
Index ¶
- Constants
- Variables
- func AccessControlMiddleware(next http.Handler) http.Handler
- func ErrorSensitivityFromContext(ctx context.Context) (s errawr.ErrorSensitivity, ok bool)
- func LogMiddleware(next http.Handler) http.Handler
- func NewContextWithErrorSensitivity(ctx context.Context, sensitivity errawr.ErrorSensitivity) context.Context
- func NewPath(escaped string) *url.URL
- func RequestMiddleware(next http.Handler) http.Handler
- func SetContentDispositionHeader(w http.ResponseWriter, filename string)
- func SetPageQuery(out url.Values, r *http.Request)
- func SetQuery(u *url.URL, r *http.Request, fns ...SetQueryFunc)
- func WriteError(ctx context.Context, w http.ResponseWriter, err errors.Error)
- func WriteObjectCreated(ctx context.Context, w http.ResponseWriter, object interface{})
- func WriteObjectOK(ctx context.Context, w http.ResponseWriter, object interface{})
- func WriteObjectWithStatus(ctx context.Context, w http.ResponseWriter, status int, object interface{})
- func WriteRedirect(w http.ResponseWriter, u *url.URL)
- type CORSBuilder
- func (cb *CORSBuilder) AllowHeaderPrefix(prefix string) *CORSBuilder
- func (cb *CORSBuilder) AllowHeaders(headers ...string) *CORSBuilder
- func (cb *CORSBuilder) AllowMethods(methods ...string) *CORSBuilder
- func (cb *CORSBuilder) AllowOrigins(origins ...string) *CORSBuilder
- func (cb *CORSBuilder) Build() http.Handler
- func (cb *CORSBuilder) Middleware(next http.Handler) http.Handler
- func (cb *CORSBuilder) PreflightHandler() http.Handler
- type CSPBuilder
- type Cacheable
- type ConditionalResolver
- type ETag
- type ErrorEnvelope
- type Page
- type RangeError
- type RangeErrorCode
- type RangeHeader
- type RangeSpec
- type SetQueryFunc
- type TrackingResponseWriter
Constants ¶
const ( CSPBaseURI cspDirectiveType = iota CSPBlockAllMixedContent CSPDefaultSrc CSPFontSrc CSPFormSrc CSPFrameAncestors CSPFrameSrc CSPManifestSrc CSPMediaSrc CSPScriptSrc CSPStyleSrc CSPImgSrc )
This is an incomplete list of directives for the Content-Security-Policy header. More directives can be added here for further CSP support.
const ( MaxContentDispositionHeaderFilenameLength = 256 DefaultAttachmentFilename = "attachment" )
Variables ¶
var ErrRangeHeaderInvalid = errors.New("Invalid Range header")
Functions ¶
func ErrorSensitivityFromContext ¶
func ErrorSensitivityFromContext(ctx context.Context) (s errawr.ErrorSensitivity, ok bool)
func SetContentDispositionHeader ¶
func SetContentDispositionHeader(w http.ResponseWriter, filename string)
SetContentDispositionHeader cleans the given filename, setting the sanitized name in the response as the Content-Disposition header filename value.
Content-Disposition is so hard to get right that there's an entire RFC dedicated to it [https://tools.ietf.org/html/rfc6266]. It is recommended to just use this function and accept the resulting filename rather than trying to customize anything.
func WriteError ¶
func WriteObjectCreated ¶
func WriteObjectCreated(ctx context.Context, w http.ResponseWriter, object interface{})
func WriteObjectOK ¶
func WriteObjectOK(ctx context.Context, w http.ResponseWriter, object interface{})
func WriteObjectWithStatus ¶
func WriteObjectWithStatus(ctx context.Context, w http.ResponseWriter, status int, object interface{})
func WriteRedirect ¶
func WriteRedirect(w http.ResponseWriter, u *url.URL)
Types ¶
type CORSBuilder ¶
type CORSBuilder struct {
// contains filtered or unexported fields
}
CORSBuilder builds an http.Handler that can be used as a middleware to set CORS access control headers for relaxing same-origin browser policies.
func (*CORSBuilder) AllowHeaderPrefix ¶
func (cb *CORSBuilder) AllowHeaderPrefix(prefix string) *CORSBuilder
AllowHeaderPrefix takes a header prefix and allows all headers that match the given prefix for requests.
example AllowHeaderPrefix("example-") will allow a request with header Example-XYZ.
func (*CORSBuilder) AllowHeaders ¶
func (cb *CORSBuilder) AllowHeaders(headers ...string) *CORSBuilder
AllowHeaders takes a variadic of header strings to allow. It is similar to AllowHeaderPrefix, but it matches against the entire string instead of matching against a partial prefix.
func (*CORSBuilder) AllowMethods ¶
func (cb *CORSBuilder) AllowMethods(methods ...string) *CORSBuilder
AllowMethods takes a variadic of http methods to allow.
func (*CORSBuilder) AllowOrigins ¶
func (cb *CORSBuilder) AllowOrigins(origins ...string) *CORSBuilder
AllowOrigins takes a variadic of http origins to allow. The match is against the entire origin string and no patterns are allowed. The first one in the list is the default origin to return in the event the origin in the request isn't. There is no attempt to error on an origin that isn't in the list because this is the client's job. We simple return an origin that _is_ allowed and let the client block the request from happening.
func (*CORSBuilder) Build ¶
func (cb *CORSBuilder) Build() http.Handler
Build returns an http.Handler that can set Access-Control-Allow-* headers based on requests it receives.
DEPRECATED use PreflightHandler.
func (*CORSBuilder) Middleware ¶
func (cb *CORSBuilder) Middleware(next http.Handler) http.Handler
Middleware wraps an http.Handler to set ACAO headers on responses.
func (*CORSBuilder) PreflightHandler ¶
func (cb *CORSBuilder) PreflightHandler() http.Handler
PreflightHandler returns an http.Handler that can set Access-Control-Allow-* headers for preflight-requests (OPTIONS).
type CSPBuilder ¶
type CSPBuilder struct {
// contains filtered or unexported fields
}
CSPBuilder uses values stored for src's and builds a valid Content-Security-Policy header.
func (*CSPBuilder) Middleware ¶
func (cb *CSPBuilder) Middleware(next http.Handler) http.Handler
Middleware is a middleware wrapper that can be used to inject a Content-Security-Policy header into a server's response. It builds the header value and joins it together in the proper format then passes the request off to the `next` http.Handler.
func (*CSPBuilder) SetDirective ¶
func (cb *CSPBuilder) SetDirective(dt cspDirectiveType, sources ...string) *CSPBuilder
SetDirective sets sources for directive types. Sources is a variadic and not every directive type uses them, so they are not always required.
type ConditionalResolver ¶
type ConditionalResolver interface {
Accept(ctx context.Context, w http.ResponseWriter, c Cacheable) bool
}
func NewConditionalResolver ¶
func NewConditionalResolver(r *http.Request) ConditionalResolver
type ErrorEnvelope ¶
type ErrorEnvelope struct {
Error *encoding.ErrorDisplayEnvelope `json:"error"`
}
func NewErrorEnvelope ¶
func NewErrorEnvelope(err errors.Error) *ErrorEnvelope
func NewErrorEnvelopeWithSensitivity ¶
func NewErrorEnvelopeWithSensitivity(err errors.Error, sensitivity errawr.ErrorSensitivity) *ErrorEnvelope
type RangeError ¶
type RangeError struct { Code RangeErrorCode Message string }
func (*RangeError) Error ¶
func (e *RangeError) Error() string
type RangeErrorCode ¶
type RangeErrorCode string
const ( InvalidRangeHeader RangeErrorCode = "InvalidRangeHeader" UnsupportedRangeUnit RangeErrorCode = "UnsupportedRangeUnit" UnsatisfiableRange RangeErrorCode = "UnsatisfiableRange" )
type RangeHeader ¶
func ScanRangeHeader ¶
func ScanRangeHeader(header string) (*RangeHeader, error)
type TrackingResponseWriter ¶
type TrackingResponseWriter interface { http.ResponseWriter StatusCode() (int, bool) Committed() bool }
func NewTrackingResponseWriter ¶
func NewTrackingResponseWriter(delegate http.ResponseWriter) TrackingResponseWriter