header

package
v0.0.0-...-020e9e7 Latest Latest
Published: Apr 28, 2024 License: AGPL-3.0 Imports: 10 Imported by: 0

Documentation

Overview

Package header provides abstractions and naming constants for HTTP request and response headers.

Copyright (c) 2018 - 2024 PhotoPrism UG. All rights reserved.

This program is free software: you can redistribute it and/or modify
it under Version 3 of the GNU Affero General Public License (the "AGPL"):
<https://docs.photoprism.app/license/agpl>

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU Affero General Public License for more details.

The AGPL is supplemented by our Trademark and Brand Guidelines,
which describe how our Brand Assets may be used:
<https://www.photoprism.app/trademark>

Feel free to send an email to hello@photoprism.app if you have questions, want to support our work, or just want to say hello.

Additional information can be found in our Developer Guide: <https://docs.photoprism.app/developer-guide/>

Index

Constants

// Header names and scheme keywords used to pass client credentials with a request.
// Authorization values are credentials and should be kept out of access logs,
// error reports and shared caches.
const (
	// Auth is the name of the standard Authorization request header.
	Auth       = "Authorization" // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization
	// AuthBasic is the Authorization scheme keyword for HTTP Basic authentication (RFC 7617).
	AuthBasic  = "Basic"
	// AuthBearer is the Authorization scheme keyword for bearer tokens (RFC 6750).
	AuthBearer = "Bearer"
	// XAuthToken is a non-standard header name.
	// NOTE(review): going by the name it carries an authentication token; confirm
	// against AuthToken. If so, its value needs the same handling as Authorization.
	XAuthToken = "X-Auth-Token"
	// XSessionID is a non-standard header name.
	// NOTE(review): going by the name it carries a session identifier; its consumer
	// is not visible in this block. If so, treat the value as a credential.
	XSessionID = "X-Session-ID"
)
const (
	// CacheControl is the name of the Cache-Control request and response header field, which
	// contains directives (instructions) that control caching in browsers and shared caches
	// (e.g. proxies, CDNs).
	// See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
	CacheControl = "Cache-Control"

	// CacheControlDefault indicates that the response remains valid for 604800 seconds (7 days) after it
	// has been generated. Note that max-age is not the time that has elapsed since the response was received,
	// but the time that has elapsed since the response was created on the origin server.
	CacheControlDefault = "max-age=604800"

	// CacheControlNoStore indicates that caches of any kind (private or shared) should not store the response.
	// This is the directive to choose for responses that contain credentials, tokens or other secrets.
	CacheControlNoStore = "no-store"

	// CacheControlNoCache indicates that the response can be stored in caches, but must be validated with
	// the origin server before each reuse, even when the cache is not connected to the origin server.
	// The response may still be written to a cache, so this is not a substitute for no-store.
	CacheControlNoCache = "no-cache"

	// CacheControlPublic indicates that the response can be stored in a shared cache.
	// Responses to requests with Authorization header fields must not be stored in a shared cache;
	// however, the public directive causes such responses to be stored in a shared cache.
	// Only use it for responses that are identical for every client, never for output that
	// depends on the caller's credentials or session.
	CacheControlPublic = "public"

	// CacheControlPrivate indicates that the response can only be stored in a private cache (e.g. browsers).
	// You should add the private directive for personalized content, especially for responses sent after login.
	CacheControlPrivate = "private"

	// CacheControlImmutable indicates that the response will not be updated while it's fresh.
	CacheControlImmutable = "immutable"
)
// Request header names associated with a Content Delivery Network (CDN).
// NOTE(review): these are ordinary request headers. Unless the edge proxy strips
// them from client requests, a client can set them itself, so their presence is
// not proof that a request passed through the CDN. Which of them IsCdn and
// AbortCdnRequest read is not visible here.
const (
	CdnHost         = "Cdn-Host"
	CdnMobileDevice = "Cdn-Mobiledevice"
	CdnServerZone   = "Cdn-Serverzone"
	CdnServerID     = "Cdn-Serverid"
	CdnConnectionID = "Cdn-Connectionid"
)

Content Delivery Network (CDN) headers.

// Standard content negotiation, content description and redirect header names.
const (
	// Request headers stating which media types and encodings the client accepts.
	Accept             = "Accept"
	AcceptEncoding     = "Accept-Encoding"
	// AcceptRanges is the response header advertising support for range requests.
	AcceptRanges       = "Accept-Ranges"
	// Headers describing the body: media type, presentation/filename, encoding and byte range.
	ContentType        = "Content-Type"
	ContentDisposition = "Content-Disposition"
	ContentEncoding    = "Content-Encoding"
	ContentRange       = "Content-Range"
	// Location is the response header carrying a redirect target or the URL of a created resource.
	Location           = "Location"
	// Origin is the request header browsers send on cross-origin requests. It is
	// client-supplied, so it identifies the calling page but does not authenticate it.
	Origin             = "Origin"
	// Vary is the response header naming the request headers a cached response depends on.
	Vary               = "Vary"
)

Standard content request and response header names.

// Media type strings for use as Content-Type header values.
const (
	// ContentTypeForm is the media type of URL-encoded form submissions.
	ContentTypeForm      = "application/x-www-form-urlencoded"
	// ContentTypeMultipart is the media type of multipart form submissions, e.g. file uploads.
	// A real header value additionally carries a boundary parameter, which is not part of this constant.
	ContentTypeMultipart = "multipart/form-data"
	// ContentTypeJson is the JSON media type without a charset parameter.
	ContentTypeJson      = "application/json"
	// ContentTypeJsonUtf8 is the JSON media type with an explicit UTF-8 charset parameter.
	ContentTypeJsonUtf8  = "application/json; charset=utf-8"
)

Standard ContentType header values.

// Names of the Cross-Origin Resource Sharing (CORS) response headers. Together they
// tell a browser which origin may read a response, which request headers and methods a
// cross-origin request may use, and for how long a preflight result may be cached.
const (
	AccessControlAllowOrigin  = "Access-Control-Allow-Origin"  // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
	AccessControlAllowHeaders = "Access-Control-Allow-Headers" // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers
	AccessControlAllowMethods = "Access-Control-Allow-Methods" // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods
	AccessControlMaxAge       = "Access-Control-Max-Age"       // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age
)

Cross-Origin Resource Sharing (CORS) headers.

HTTP/HTTPS security headers.

// Generic header values.
const (
	// Any is the wildcard value "*".
	// NOTE(review): where it is used is not visible here. As an Access-Control-Allow-Origin
	// value it lets pages from every origin read the response, so it only fits content that
	// is public and does not depend on the caller's credentials.
	Any  = "*"
	// Deny is the value "DENY"; DefaultFrameOptions is set to it.
	Deny = "DENY"
)
// Non-standard header names.
// NOTE(review): no consumer of either header is visible here. Both would be
// client-supplied metadata and should be validated before they are stored or acted on.
const (
	// XFavorite is the custom X-Favorite header name; presumably a favorite flag — confirm.
	XFavorite = "X-Favorite"
	// XModTime is the X-OC-MTime header name, known from ownCloud/Nextcloud clients as a
	// client-reported modification time — presumably used the same way here; confirm.
	XModTime  = "X-OC-MTime"
)
const (
	// CidrDockerInternal is the CIDR range 172.16.0.0/12, i.e. the whole RFC 1918 private
	// block 172.16.0.0 to 172.31.255.255. Docker commonly allocates its default bridge
	// networks from this block, but so do many unrelated LANs and VPNs.
	// NOTE(review): how the range is used is not visible here. If it marks trusted proxies
	// or internal clients, every host with an address in the block inherits that trust;
	// a narrower, deployment-specific range is safer where one is known.
	CidrDockerInternal = "172.16.0.0/12"
)
const (
	// UnknownIP is the IPv4 unspecified address "0.0.0.0".
	// NOTE(review): presumably the placeholder ClientIP returns when the address cannot be
	// determined — confirm. All such requests then share one value, so it should not be
	// used on its own as a key for rate limits, allow-lists or audit attribution.
	UnknownIP = "0.0.0.0"
)

Variables

// Ready-made Cache-Control values that combine a cache scope with the default max-age.
var (
	// CacheControlPublicDefault permits storage in shared caches; only suitable for
	// responses that are the same for every client.
	CacheControlPublicDefault  = CacheControlPublic + ", " + CacheControlDefault  // public, max-age=604800
	// CacheControlPrivateDefault restricts storage to private caches such as the browser.
	CacheControlPrivateDefault = CacheControlPrivate + ", " + CacheControlDefault // private, max-age=604800
)

CacheControl defaults.

// CORS header defaults. These are exported variables, so any importing package can
// change them at runtime.
var (
	// DefaultAccessControlAllowOrigin is empty, i.e. no origin is named by default.
	// NOTE(review): whether an empty value suppresses the header is decided by the caller — confirm.
	DefaultAccessControlAllowOrigin  = ""
	// CorsHeaders lists the header names joined into DefaultAccessControlAllowHeaders.
	// Neither Authorization nor the X-Auth-Token / X-Session-ID names are part of it.
	CorsHeaders                      = []string{Accept, AcceptRanges, ContentDisposition, ContentEncoding, ContentRange, Location}
	// DefaultAccessControlAllowHeaders is computed once during package initialization;
	// later changes to CorsHeaders are not reflected in it.
	DefaultAccessControlAllowHeaders = strings.Join(CorsHeaders, ", ")
	// CorsMethods contains GET, HEAD and OPTIONS only; no state-changing method is listed.
	CorsMethods                      = []string{http.MethodGet, http.MethodHead, http.MethodOptions}
	// DefaultAccessControlAllowMethods is computed once during package initialization from CorsMethods.
	DefaultAccessControlAllowMethods = strings.Join(CorsMethods, ", ")
	// DefaultAccessControlMaxAge is the Access-Control-Max-Age value, in seconds (one hour),
	// for which a browser may cache a preflight result.
	DefaultAccessControlMaxAge       = "3600"
)

CORS header defaults.

// URL scheme names. They are declared as variables rather than constants, so
// importing packages are able to reassign them.
var (
	// ProtoHttp is the scheme of unencrypted HTTP.
	ProtoHttp  = "http"
	// ProtoHttps is the scheme of HTTP over TLS.
	ProtoHttps = "https"
	// ProtoWss is the scheme of WebSocket connections over TLS; there is no entry for plain "ws".
	ProtoWss   = "wss"
)
// Security header defaults. Both values forbid embedding the response in a frame,
// which is the standard defense against clickjacking.
var (
	// DefaultContentSecurityPolicy consists of the single directive frame-ancestors 'none'.
	// It does not restrict script, style or other resource sources; those need their own
	// directives if a stricter policy is wanted.
	DefaultContentSecurityPolicy = "frame-ancestors 'none';"
	// DefaultFrameOptions is "DENY"; going by the name, the default X-Frame-Options value,
	// the legacy counterpart of frame-ancestors 'none'.
	DefaultFrameOptions          = Deny
)

Security header defaults.

// CorsExt is the set of static asset file extensions for which a CORS header may be
// added automatically. Keys are lower-case and include the leading dot.
// NOTE(review): the lookup code (presumably AllowCORS) is not visible here; confirm that
// it normalizes the extension's case the same way. A CORS header lets other origins read
// the file, so paths matching ".js" and ".json" in particular should only ever serve
// public, non-personalized assets, not API output.
var CorsExt = map[string]bool{
	// Font formats.
	".ttf":   true,
	".ttc":   true,
	".otf":   true,
	".eot":   true,
	".woff":  true,
	".woff2": true,
	// Stylesheets, scripts, data and vector images.
	".css":   true,
	".js":    true,
	".json":  true,
	".svg":   true,
}

CorsExt contains all static asset extensions for which a CORS header may be added automatically.

Functions

func AbortCdnRequest

func AbortCdnRequest(req *http.Request) bool

AbortCdnRequest checks if the request should not be served through a CDN.

func AllowCORS

func AllowCORS(path string) bool

AllowCORS checks if CORS headers can be safely used based on a request's file path. See: https://www.w3.org/TR/css-fonts-3/#font-fetching-requirements

func AuthToken

func AuthToken(c *gin.Context) string

AuthToken returns the client authentication token from the request context, or an empty string if none is found.

func Authorization

func Authorization(c *gin.Context) (authType, authToken string)

Authorization returns the authentication type and token from the authorization request header, or an empty string if there is none.

func BasicAuth

func BasicAuth(c *gin.Context) (username, password, cacheKey string)

BasicAuth checks the basic authorization header for credentials and returns them if found.

Note that OAuth 2.0 defines basic authentication differently than RFC 7617 (it form-urlencodes the client ID and secret before they are Base64-encoded); however, this does not matter as long as only alphanumeric characters are used for the client ID and secret: https://www.scottbrady91.com/oauth/client-authentication#:~:text=OAuth%20Basic%20Authentication

func BearerToken

func BearerToken(c *gin.Context) string

BearerToken returns the client bearer token header value, or an empty string if none is found.

func CacheControlMaxAge

func CacheControlMaxAge(maxAge int, public bool) string

CacheControlMaxAge returns a CacheControl header value based on the specified maxAge time in seconds or the defaults if maxAge is not a positive number.

func ClientIP

func ClientIP(c *gin.Context) (ip string)

ClientIP returns the client IP address from the request context or a placeholder if it is unknown.

func IsCdn

func IsCdn(req *http.Request) bool

IsCdn checks whether the request seems to come from a CDN.

func SetAuthorization

func SetAuthorization(r *http.Request, authToken string)

SetAuthorization adds a bearer token authorization header to a request.

func SetCacheControl

func SetCacheControl(c *gin.Context, maxAge int, public bool)

SetCacheControl adds a CacheControl header to the response based on the specified parameters. If maxAge is 0, the defaults will be used.

func SetCacheControlImmutable

func SetCacheControlImmutable(c *gin.Context, maxAge int, public bool)

SetCacheControlImmutable adds a CacheControl header to the response based on the specified parameters and with the immutable directive set. If maxAge is 0, the defaults will be used.

func UserAgent

func UserAgent(c *gin.Context) string

UserAgent returns the user agent from the request context or an empty string if it is unknown.

Types

This section is empty.
