secfetch

Version: v0.2.0
Warning: This package is not in the latest version of its module.
Published: Oct 16, 2019 | License: Apache-2.0 | Imports: 2 | Imported by: 0

README

secfetch

Fetch Metadata server security middleware for Go.

See docs on godoc.org.

Documentation

Overview

Package secfetch implements a simple middleware to protect HTTP handlers from cross-origin requests by leveraging Fetch Metadata.

The suggested usage is to protect the entire http.Server.Handler rather than individual handlers. Example usage:

srv := http.Server{
	Handler: secfetch.ProtectHandler(myServeMux),
	// Rest of configuration here.
}

This package supports a log-only mode to ease deployment and test the configuration before enforcing it.

It is possible to exempt some handlers by registering them on a second http.ServeMux alongside the protected one, so that only the first mux is wrapped. A use case for this is CORS APIs that need to reply to cross-site requests. Example:

var pmux http.ServeMux
pmux.Handle("/protected1", protHandler1)
pmux.Handle("/protected2", protHandler2)
var mux http.ServeMux
mux.Handle("/", secfetch.ProtectHandler(&pmux))
mux.Handle("/unprotected", publicHandler)
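
The enforce, log-only and exemption behaviour described above, as an added stand-alone example that is not secfetch's own code and does not import the package. The policy in `allowed` is an assumption about a reasonable Fetch Metadata check, and `protect`, `pathLog` and `status` are hypothetical names; only the `RequestLogger` shape and the mux layout come from this page.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// RequestLogger has the same shape as the interface documented on this page.
type RequestLogger interface{ LogRequest(*http.Request) }

type pathLog struct{ paths []string } // hypothetical logger: paths of would-be blocks
func (p *pathLog) LogRequest(r *http.Request) { p.paths = append(p.paths, r.URL.Path) }

// allowed is an ASSUMED policy, not secfetch's own: no Fetch Metadata, non-cross-site, or GET navigation.
func allowed(r *http.Request) bool {
	s := r.Header.Get("Sec-Fetch-Site")
	return s == "" || s == "same-origin" || s == "same-site" || s == "none" ||
		(r.Method == http.MethodGet && r.Header.Get("Sec-Fetch-Mode") == "navigate")
}

// protect stands in for ProtectHandler (rl == nil) and ProtectHandlerLogOnly.
func protect(h http.Handler, rl RequestLogger) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !allowed(r) {
			if rl == nil {
				http.Error(w, "forbidden", http.StatusForbidden)
				return
			}
			rl.LogRequest(r) // log-only: record the request, then serve it anyway
		}
		h.ServeHTTP(w, r)
	})
}

// status sends a constructed request through the page's exemption layout (only pmux is wrapped).
func status(rl RequestLogger, method, path, site, mode string) int {
	ok := http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}) // replies 200
	pmux, mux := http.NewServeMux(), http.NewServeMux()
	pmux.Handle("/protected1", ok)
	mux.Handle("/", protect(pmux, rl))
	mux.Handle("/unprotected", ok)
	r, w := httptest.NewRequest(method, path, nil), httptest.NewRecorder()
	r.Header.Set("Sec-Fetch-Site", site)
	r.Header.Set("Sec-Fetch-Mode", mode)
	mux.ServeHTTP(w, r)
	return w.Code
}

func main() { fmt.Println(status(nil, "POST", "/protected1", "cross-site", "cors")) }
```

Running the log-only variant against real traffic first shows which legitimate cross-site callers would break, and those are the candidates for the unprotected mux.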


Functions

func ProtectHandler

func ProtectHandler(h http.Handler) http.Handler

ProtectHandler isolates h from potentially malicious requests.

func ProtectHandlerLogOnly

func ProtectHandlerLogOnly(h http.Handler, rl RequestLogger) http.Handler

ProtectHandlerLogOnly behaves like ProtectHandler, but only logs requests that would have been blocked.

Types

type RequestLogger

type RequestLogger interface {
	// LogRequest is called with every request that needs to be logged.
	LogRequest(*http.Request)
}

RequestLogger is a type that can log http requests.
