Documentation
Overview
Package secfetch implements a simple middleware to protect HTTP handlers from cross-origin requests by leveraging Fetch Metadata.
Suggested usage is to protect the entire http.Server.Handler and not single handlers. Example usage:
	srv := http.Server{
		Handler: secfetch.ProtectHandler(myServeMux),
		// Rest of configuration here.
	}
This package supports a log-only mode to ease deployment and test the configuration before enforcing it.
It is possible to exempt some handlers by registering them on a second http.ServeMux alongside one that has already been protected. A use case for this is CORS APIs that need to reply to cross-site requests. Example:
	var pmux http.ServeMux
	pmux.Handle("/protected1", protHandler1)
	pmux.Handle("/protected2", protHandler2)

	var mux http.ServeMux
	mux.Handle("/", secfetch.ProtectHandler(&pmux))
	mux.Handle("/unprotected", publicHandler)
Functions
func ProtectHandler
ProtectHandler isolates h from potentially malicious requests.
func ProtectHandlerLogOnly
func ProtectHandlerLogOnly(h http.Handler, rl RequestLogger) http.Handler
ProtectHandlerLogOnly behaves like ProtectHandler, but only logs requests that would have been blocked.
Types
type RequestLogger
	type RequestLogger interface {
		// LogRequest is called with every request that needs to be logged.
		LogRequest(*http.Request)
	}
RequestLogger is a type that can log HTTP requests.
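The following is an added illustration, not secfetch's own code: a self-contained sketch of the kind of Fetch Metadata check such a middleware performs, showing how a log-only mode differs from enforcement. The policy in allowed and the names allowed, protect, memLogger and status are assumptions made for this example; the request to /transfer is constructed.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// allowed applies a resource isolation policy (assumption: secfetch's rules may differ).
func allowed(r *http.Request) bool {
	switch r.Header.Get("Sec-Fetch-Site") {
	case "", "same-origin", "same-site", "none":
		return true // header absent, same-site, or user-initiated navigation
	}
	// Cross-site: allow only safe-method top-level navigations, never embeds.
	d := r.Header.Get("Sec-Fetch-Dest")
	return r.Header.Get("Sec-Fetch-Mode") == "navigate" && d != "object" && d != "embed" &&
		(r.Method == http.MethodGet || r.Method == http.MethodHead)
}

type memLogger []string // hypothetical in-memory logger with RequestLogger's method set
func (m *memLogger) LogRequest(r *http.Request) { *m = append(*m, r.Method+" "+r.URL.Path) }

// protect wraps h; with logOnly set, violations are logged but still served.
func protect(h http.Handler, rl interface{ LogRequest(*http.Request) }, logOnly bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !allowed(r) {
			rl.LogRequest(r)
			if !logOnly {
				http.Error(w, "cross-site request blocked", http.StatusForbidden)
				return
			}
		}
		h.ServeHTTP(w, r)
	})
}

// status sends one constructed request with headers hdr and returns the status code.
func status(h http.Handler, method string, hdr http.Header) int {
	r := httptest.NewRequest(method, "/transfer", nil)
	r.Header = hdr
	w := httptest.NewRecorder()
	h.ServeHTTP(w, r)
	return w.Code
}

func main() {
	h := protect(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}), new(memLogger), false)
	fmt.Println(status(h, "POST", http.Header{"Sec-Fetch-Site": {"cross-site"}}))
}
```

Requests that carry no Sec-Fetch-Site header pass the check here, so a policy of this shape only constrains browsers that send Fetch Metadata.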