Documentation
Overview
Package header provides abstractions and naming constants for HTTP request and response headers.
Copyright (c) 2018 - 2024 PhotoPrism UG. All rights reserved.
This program is free software: you can redistribute it and/or modify it under Version 3 of the GNU Affero General Public License (the "AGPL"): <https://docs.photoprism.app/license/agpl> This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. The AGPL is supplemented by our Trademark and Brand Guidelines, which describe how our Brand Assets may be used: <https://www.photoprism.app/trademark>
Feel free to send an email to hello@photoprism.app if you have questions, want to support our work, or just want to say hello.
Additional information can be found in our Developer Guide: <https://docs.photoprism.app/developer-guide/>
Index
- Constants
- Variables
- func AbortCdnRequest(req *http.Request) bool
- func AllowCORS(path string) bool
- func AuthToken(c *gin.Context) string
- func Authorization(c *gin.Context) (authType, authToken string)
- func BasicAuth(c *gin.Context) (username, password, cacheKey string)
- func BearerToken(c *gin.Context) string
- func CacheControlMaxAge(maxAge int, public bool) string
- func ClientIP(c *gin.Context) (ip string)
- func IsCdn(req *http.Request) bool
- func SetAuthorization(r *http.Request, authToken string)
- func SetCacheControl(c *gin.Context, maxAge int, public bool)
- func SetCacheControlImmutable(c *gin.Context, maxAge int, public bool)
- func UserAgent(c *gin.Context) string
Constants
const (
	Auth       = "Authorization" // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization
	AuthBasic  = "Basic"
	AuthBearer = "Bearer"
	XAuthToken = "X-Auth-Token"
	XSessionID = "X-Session-ID"
)
const (
	// The CacheControl request and response header field contains directives (instructions)
	// that control caching in browsers and shared caches (e.g. proxies, CDNs).
	// See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
	CacheControl = "Cache-Control"

	// CacheControlDefault indicates that the response remains valid for 604800 seconds (7 days) after it
	// has been generated. Note that max-age is not the time that has elapsed since the response was received,
	// but the time that has elapsed since the response was created on the origin server.
	CacheControlDefault = "max-age=604800"

	// CacheControlNoStore indicates that caches of any kind (private or shared) should not store the response.
	CacheControlNoStore = "no-store"

	// CacheControlNoCache indicates that the response can be stored in caches, but must be validated with
	// the origin server before each reuse, even when the cache is not connected to the origin server.
	CacheControlNoCache = "no-cache"

	// CacheControlPublic indicates that the response can be stored in a shared cache.
	// Responses to requests with Authorization header fields must not be stored in a shared cache;
	// however, the public directive causes such responses to be stored in a shared cache.
	CacheControlPublic = "public"

	// CacheControlPrivate indicates that the response can only be stored in a private cache (e.g. browsers).
	// You should add the private directive for personalized content, especially for responses sent after login.
	CacheControlPrivate = "private"

	// CacheControlImmutable indicates that the response will not be updated while it's fresh.
	CacheControlImmutable = "immutable"
)
const (
	CdnHost         = "Cdn-Host"
	CdnMobileDevice = "Cdn-Mobiledevice"
	CdnServerZone   = "Cdn-Serverzone"
	CdnServerID     = "Cdn-Serverid"
	CdnConnectionID = "Cdn-Connectionid"
)
Content Delivery Network (CDN) headers.
const (
	Accept             = "Accept"
	AcceptEncoding     = "Accept-Encoding"
	AcceptRanges       = "Accept-Ranges"
	ContentType        = "Content-Type"
	ContentDisposition = "Content-Disposition"
	ContentEncoding    = "Content-Encoding"
	ContentRange       = "Content-Range"
	Location           = "Location"
	Origin             = "Origin"
	Vary               = "Vary"
)
Standard content request and response header names.
const (
	ContentTypeForm      = "application/x-www-form-urlencoded"
	ContentTypeMultipart = "multipart/form-data"
	ContentTypeJson      = "application/json"
	ContentTypeJsonUtf8  = "application/json; charset=utf-8"
)
Standard ContentType header values.
const (
	AccessControlAllowOrigin  = "Access-Control-Allow-Origin"  // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
	AccessControlAllowHeaders = "Access-Control-Allow-Headers" // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers
	AccessControlAllowMethods = "Access-Control-Allow-Methods" // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods
	AccessControlMaxAge       = "Access-Control-Max-Age"       // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age
)
Cross-Origin Resource Sharing (CORS) headers.
const (
	UnknownIP = "0.0.0.0"
	LocalIP   = "127.0.0.1"
)
const (
	StrictTransportSecurity = "Strict-Transport-Security"  // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
	ContentSecurityPolicy   = "Content-Security-Policy"    // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
	CrossOriginOpenerPolicy = "Cross-Origin-Opener-Policy" // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Opener-Policy
	ReferrerPolicy          = "Referrer-Policy"            // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
	ContentTypeOptions      = "X-Content-Type-Options"     // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
	XSSProtection           = "X-XSS-Protection"           // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
	FrameOptions            = "X-Frame-Options"            // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
	ForwardedProto          = "X-Forwarded-Proto"          // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto
)
HTTP/HTTPS security headers.
const (
	Any  = "*"
	Deny = "DENY"
)
const (
	XFavorite = "X-Favorite"
	XModTime  = "X-OC-MTime"
)
const (
	CidrDockerInternal = "172.16.0.0/12"
)
Variables
var (
	CacheControlPublicDefault  = CacheControlPublic + ", " + CacheControlDefault  // public, max-age=604800
	CacheControlPrivateDefault = CacheControlPrivate + ", " + CacheControlDefault // private, max-age=604800
)
CacheControl defaults.
var (
	DefaultAccessControlAllowOrigin  = ""
	CorsHeaders                      = []string{Accept, AcceptRanges, ContentDisposition, ContentEncoding, ContentRange, Location}
	DefaultAccessControlAllowHeaders = strings.Join(CorsHeaders, ", ")
	CorsMethods                      = []string{http.MethodGet, http.MethodHead, http.MethodOptions}
	DefaultAccessControlAllowMethods = strings.Join(CorsMethods, ", ")
	DefaultAccessControlMaxAge       = "3600"
)
CORS header defaults.
var (
	ProtoHttp  = "http"
	ProtoHttps = "https"
	ProtoWss   = "wss"
)
var (
	DefaultContentSecurityPolicy = "frame-ancestors 'none';"
	DefaultFrameOptions          = Deny
)
Security header defaults.
var (
	CdnMethods = []string{http.MethodGet, http.MethodHead, http.MethodOptions}
)
var CorsExt = map[string]bool{
	".ttf":   true,
	".ttc":   true,
	".otf":   true,
	".eot":   true,
	".woff":  true,
	".woff2": true,
	".css":   true,
	".js":    true,
	".json":  true,
	".svg":   true,
}
CorsExt contains all static asset extensions for which a CORS header may be added automatically.
Functions
func AbortCdnRequest
AbortCdnRequest checks if the request should not be served through a CDN.
func AllowCORS
AllowCORS checks if CORS headers can be safely used based on a request's file path. See: https://www.w3.org/TR/css-fonts-3/#font-fetching-requirements
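A sketch of an extension-based CORS check in the spirit of AllowCORS and CorsExt, added here as an example and not PhotoPrism's own implementation. The names staticExt, allowCORS, withStaticCORS and corsHeaderFor are hypothetical, and lower-casing the extension and ignoring the query string are assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"path"
	"strings"
)

// staticExt is a constructed subset of an allowlist like CorsExt.
var staticExt = map[string]bool{".woff2": true, ".css": true, ".js": true, ".svg": true}

// allowCORS reports whether the path ends in an allowlisted static asset
// extension. Only the URL path is inspected, so a query string cannot
// smuggle in an extension (assumption, not the package's documented behaviour).
func allowCORS(p string) bool {
	return staticExt[strings.ToLower(path.Ext(p))]
}

// withStaticCORS adds Access-Control-Allow-Origin only to static assets,
// leaving API responses without a CORS grant.
func withStaticCORS(origin string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if origin != "" && allowCORS(r.URL.Path) {
			w.Header().Set("Access-Control-Allow-Origin", origin)
		}
		next.ServeHTTP(w, r)
	})
}

// corsHeaderFor runs one request through the middleware and returns the
// Access-Control-Allow-Origin value that was set, if any.
func corsHeaderFor(target string) string {
	noop := http.HandlerFunc(func(http.ResponseWriter, *http.Request) {})
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodGet, target, nil)
	withStaticCORS("*", noop).ServeHTTP(rec, req)
	return rec.Header().Get("Access-Control-Allow-Origin")
}

func main() {
	// Constructed request targets.
	targets := []string{"/static/fonts/a.WOFF2", "/api/v1/photos", "/api/v1/photos?name=x.css"}
	for _, t := range targets {
		fmt.Printf("%-28s -> %q\n", t, corsHeaderFor(t))
	}
}
```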
func AuthToken
AuthToken returns the client authentication token from the request context, or an empty string if none is found.
func Authorization
Authorization returns the authentication type and token from the authorization request header, or an empty string if there is none.
func BasicAuth
BasicAuth checks the basic authorization header for credentials and returns them if found.
Note that OAuth 2.0 defines basic authentication differently than RFC 7617. However, this does not matter as long as only alphanumeric characters are used for the client id and secret: https://www.scottbrady91.com/oauth/client-authentication#:~:text=OAuth%20Basic%20Authentication
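The difference noted above, as an added example that is not part of the package: OAuth 2.0 (RFC 6749, section 2.3.1) form-urlencodes the client id and secret before the RFC 7617 base64 step, so the two encodings agree only when no character needs escaping. The function names and sample credentials are constructed for illustration.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"net/url"
	"strings"
)

// rfc7617 encodes credentials as plain HTTP Basic auth: base64(user ":" pass).
func rfc7617(user, pass string) string {
	return base64.StdEncoding.EncodeToString([]byte(user + ":" + pass))
}

// oauthBasic encodes client credentials the OAuth 2.0 way: each part is
// form-urlencoded first, then joined with a colon and base64-encoded.
func oauthBasic(id, secret string) string {
	return rfc7617(url.QueryEscape(id), url.QueryEscape(secret))
}

// decodeOAuthBasic reverses oauthBasic. A plain RFC 7617 decoder stops after
// the base64 step and splits on the first colon, without unescaping.
func decodeOAuthBasic(value string) (id, secret string, err error) {
	raw, err := base64.StdEncoding.DecodeString(value)
	if err != nil {
		return "", "", err
	}
	encID, encSecret, ok := strings.Cut(string(raw), ":")
	if !ok {
		return "", "", fmt.Errorf("missing colon separator")
	}
	if id, err = url.QueryUnescape(encID); err != nil {
		return "", "", err
	}
	if secret, err = url.QueryUnescape(encSecret); err != nil {
		return "", "", err
	}
	return id, secret, nil
}

func main() {
	// Constructed sample credentials, not taken from any real deployment.
	for _, c := range [][2]string{{"client1", "s3cr3t"}, {"client:1", "p+ss/w%rd"}} {
		same := rfc7617(c[0], c[1]) == oauthBasic(c[0], c[1])
		fmt.Printf("%q / %q: encodings identical = %v\n", c[0], c[1], same)
	}
}
```

A server that decodes one way while the client encodes the other will reject valid credentials containing characters such as ":", "+" or "%".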
func BearerToken
BearerToken returns the client bearer token header value, or an empty string if none is found.
func CacheControlMaxAge
CacheControlMaxAge returns a CacheControl header value based on the specified maxAge time in seconds or the defaults if maxAge is not a positive number.
func ClientIP
ClientIP returns the client IP address from the request context or a placeholder if it is unknown.
func SetAuthorization
SetAuthorization adds a bearer token authorization header to a request.
func SetCacheControl
SetCacheControl adds a CacheControl header to the response based on the specified parameters. If maxAge is 0, the defaults will be used.
func SetCacheControlImmutable
SetCacheControlImmutable adds a CacheControl header to the response based on the specified parameters and with the immutable directive set. If maxAge is 0, the defaults will be used.
Types
This section is empty.