Documentation ¶
Overview ¶
Package secure adds headers to protect against xss and reflection attacks and force use of https
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var ContentSecurityPolicy = "frame-ancestors 'self'; style-src 'self'; script-src 'self' www.google-analytics.com"
ContentSecurityPolicy defaults to a strict policy disallowing iframes and scripts from any other origin save self (and Google Analytics for scripts)
Functions ¶
func HSTSMiddleware ¶ added in v1.6.7
func HSTSMiddleware(h http.HandlerFunc) http.HandlerFunc
HSTSMiddleware adds only the Strict-Transport-Security with a duration of 2 years
func Middleware ¶
func Middleware(h http.HandlerFunc) http.HandlerFunc
Middleware adds some headers suitable for secure sites
Types ¶
This section is empty.
Click to show internal directories.
Click to hide internal directories.