Documentation
Overview
Package secure_headers decorates an http.Handler and sets several key security headers.
Variables
var DefaultSettings = Settings{
	CspOpts:                      csp.Opts{},
	ReportOpts:                   csp.Opts{},
	FrameOptions:                 "SAMEORIGIN",
	StrictTransportSecurity:      "max-age=31536000; includeSubDomains",
	ContentTypeOptions:           "nosniff",
	XSSProtection:                "1; mode=block",
	PermittedCrossDomainPolicies: "master-only",
}
Sane/safe defaults for the secure headers decorator. Content-Security-Policy is disabled by default as it is very restrictive.
Functions
Types
type Settings
type Settings struct {
	CspOpts    csp.Opts // Content-Security-Policy
	ReportOpts csp.Opts // Content-Security-Policy-Report-Only

	// Where can this site be embedded as an iframe
	FrameOptions string
	// Should user agents default to SSL
	StrictTransportSecurity string
	// Should IE guess mime types
	ContentTypeOptions string
	// Should IE run code that 'looks like' an XSS
	XSSProtection string
	// Specify which cross-domain policies flash can load
	PermittedCrossDomainPolicies string
}
Settings configures the headers a secure handler will add to a ResponseWriter.
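How a decorator of this kind can apply the string fields of Settings, with a check that a handler really emits them. This is an added example, not the package's own code: `setting`, `okApp`, `decorate` and `audit` are hypothetical names, the header name paired with each field and the skipping of empty values are assumptions, and only the values come from DefaultSettings above.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

type setting struct{ header, value string }

// pageDefaults: values from DefaultSettings on this page; header names are assumed.
var pageDefaults = []setting{
	{"X-Frame-Options", "SAMEORIGIN"},                                    // FrameOptions
	{"Strict-Transport-Security", "max-age=31536000; includeSubDomains"}, // StrictTransportSecurity
	{"X-Content-Type-Options", "nosniff"},                                // ContentTypeOptions
	{"X-XSS-Protection", "1; mode=block"},                                // XSSProtection
	{"X-Permitted-Cross-Domain-Policies", "master-only"},                 // PermittedCrossDomainPolicies
}

// okApp is a constructed application handler that sets no security headers.
var okApp = http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, "ok") })

// decorate sets each non-empty header before next runs and writes the body.
func decorate(next http.Handler, s []setting) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		for _, p := range s {
			if p.value != "" { // assumption: an empty field means "do not send"
				w.Header().Set(p.header, p.value)
			}
		}
		next.ServeHTTP(w, r)
	})
}

// audit sends a constructed GET through h and lists headers that differ from want.
func audit(h http.Handler, want []setting) (bad []string) {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest("GET", "/", nil))
	for _, p := range want {
		if rec.Result().Header.Get(p.header) != p.value {
			bad = append(bad, p.header)
		}
	}
	return bad
}

func main() {
	fmt.Println(audit(okApp, pageDefaults), audit(decorate(okApp, pageDefaults), pageDefaults))
}
```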