Documentation ¶
Index ¶
- func CacheControlMaxAge(seconds uint32) *uint32
- func DefaultCORS() webserver.MiddlewareFunc
- func DefaultSafeBrowsing() webserver.MiddlewareFunc
- func DisableClientCache() webserver.MiddlewareFunc
- func NewCORS(opts CORSOptions) webserver.MiddlewareFunc
- func NewCacheControl(opts CacheControlOptions) webserver.MiddlewareFunc
- func NewConditional(cond ConditionEvaluator, m webserver.MiddlewareFunc) webserver.MiddlewareFunc
- func NewNoOP() webserver.MiddlewareFunc
- func NewPanic(opts PanicOptions) webserver.MiddlewareFunc
- func NewProtected(evaluator ProtectedEndpointEvaluator) webserver.MiddlewareFunc
- func NewSafeBrowsing(opts SafeBrowsingOptions) webserver.MiddlewareFunc
- func NewTrailingSlash(opts TrailingSlashOptions) webserver.MiddlewareFunc
- func ProtectedWithToken(accessToken string) webserver.MiddlewareFunc
- type CORSOptions
- type CacheControlOptions
- type ConditionEvaluator
- type PanicErrorHandler
- type PanicOptions
- type ProtectedEndpointEvaluator
- type SafeBrowsingOptions
- type TrailingSlashOptions
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CacheControlMaxAge ¶
func DefaultCORS ¶
func DefaultCORS() webserver.MiddlewareFunc
DefaultCORS creates a default CORS middleware that allows requests from anywhere
func DefaultSafeBrowsing ¶ added in v1.3.0
func DefaultSafeBrowsing() webserver.MiddlewareFunc
DefaultSafeBrowsing creates a default SafeBrowsing middleware with commonly used options
func DisableClientCache ¶ added in v1.1.4
func DisableClientCache() webserver.MiddlewareFunc
DisableClientCache creates a default cache control middleware that disables the client's cache
func NewCORS ¶
func NewCORS(opts CORSOptions) webserver.MiddlewareFunc
NewCORS creates a new CORS middleware based on the specified options
func NewCacheControl ¶
func NewCacheControl(opts CacheControlOptions) webserver.MiddlewareFunc
NewCacheControl creates a new client cache control middleware based on the specified options
func NewConditional ¶ added in v1.1.4
func NewConditional(cond ConditionEvaluator, m webserver.MiddlewareFunc) webserver.MiddlewareFunc
NewConditional wraps a middleware to conditionally execute or skip it depending on the evaluator's return value
func NewNoOP ¶ added in v1.3.0
func NewNoOP() webserver.MiddlewareFunc
NewNoOP creates a no-operation middleware
func NewPanic ¶ added in v1.3.0
func NewPanic(opts PanicOptions) webserver.MiddlewareFunc
NewPanic wraps a middleware that recovers from panics
func NewProtected ¶ added in v1.1.4
func NewProtected(evaluator ProtectedEndpointEvaluator) webserver.MiddlewareFunc
NewProtected creates a protection middleware based on an evaluator callback
func NewSafeBrowsing ¶ added in v1.3.0
func NewSafeBrowsing(opts SafeBrowsingOptions) webserver.MiddlewareFunc
NewSafeBrowsing creates a new SafeBrowsing middleware based on the specified options
func NewTrailingSlash ¶ added in v1.3.0
func NewTrailingSlash(opts TrailingSlashOptions) webserver.MiddlewareFunc
NewTrailingSlash creates a new middleware to handle trailing slashes in request's paths
func ProtectedWithToken ¶ added in v1.1.4
func ProtectedWithToken(accessToken string) webserver.MiddlewareFunc
ProtectedWithToken creates a protection middleware based on an access token string
Types ¶
type CORSOptions ¶
type CORSOptions struct { // AllowOrigins defines a list of origins that may access the resource. // Optional. Defaults to "*". AllowOrigins []string `json:"allow-origins,omitempty"` // AllowMethods defines a list methods allowed when accessing the resource. // If defined as an empty list, the preflight `Allow` request header value will be used. AllowMethods []string `json:"allow-methods,omitempty"` // AllowHeaders defines a list of request headers that can be used when // making the actual request. AllowHeaders []string `json:"allow-headers,omitempty"` // AllowCredentials indicates whether the response to the request // can be exposed when the credentials flag is true. // Do not set to true if allow origins is "*". // See: http://blog.portswigger.net/2016/10/exploiting-cors-misconfigurations-for.html AllowCredentials bool `json:"allow-credentials,omitempty"` // ExposeHeaders defines a whitelist headers that clients are allowed to access. ExposeHeaders []string `json:"expose-headers,omitempty"` // MaxAge indicates how many seconds the results of a preflight request can be cached. Defaults to 0. MaxAge int `json:"max-age,omitempty"` }
CORSOptions defines the behavior on how CORS requests should be handled.
type CacheControlOptions ¶
type CacheControlOptions struct { Public bool Private bool NoCache bool NoStore bool NoTransform bool MustRevalidate bool ProxyRevalidate bool MaxAgeInSeconds *uint32 StaleWhileRevalidateInSeconds *uint32 StaleIfErrorInSeconds *uint32 }
CacheControlOptions defines the behavior on how Cache-Control headers are sent.
type ConditionEvaluator ¶ added in v1.1.4
type ConditionEvaluator func(req *request.RequestContext) bool
ConditionEvaluator defines a function that executes the wrapped middleware if returns true
type PanicErrorHandler ¶ added in v1.3.0
type PanicErrorHandler func(req *request.RequestContext, err error, stack []byte) error
PanicErrorHandler defines a function to call when a panic occurs.
type PanicOptions ¶ added in v1.3.0
type PanicOptions struct { // StackSize establishes the maximum stack buffer to print in bytes. StackSize int `json:"stackSize,omitempty"` // IncludeAllGoRoutines, if true, then the stack of all the go routines are included. IncludeAllGoRoutines bool `json:"includeAllGoRoutines,omitempty"` // PanicErrorHandler is an optional custom callback to call if a panic is raised. PanicErrorHandler PanicErrorHandler }
PanicOptions defines the behavior on how to deal with panics raised by request handlers.
type ProtectedEndpointEvaluator ¶ added in v1.1.4
type ProtectedEndpointEvaluator func(req *request.RequestContext) bool
ProtectedEndpointEvaluator evaluates if endpoint access must be denied. Return true to deny access.
type SafeBrowsingOptions ¶ added in v1.3.0
type SafeBrowsingOptions struct { // XXSSProtection sets the `X-XSS-Protection` header to stops pages from loading when they detect reflected // cross-site scripting (XSS) attacks. // Optional. Defaults to "1; mode=block". XXSSProtection string `json:"x-xss-protection,omitempty"` // XContentTypeNoSniff sets the `X-Content-Type-Options` header to indicate that the MIME types advertised // in the Content-Type headers should be followed and not be changed. // Optional. Defaults to "nosniff". XContentTypeNoSniff string `json:"x-content-type-options,omitempty"` // XFrameOptions can be used to indicate whether a browser should be allowed to render a page in a <frame>, // <iframe> or <object>. // Optional. Defaults to "sameorigin". // Possible values: "sameorigin", "deny", "allow-from uri" XFrameOptions string `json:"x-frame-options,omitempty"` // HSTS controls the `Strict-Transport-Security` header to inform browsers that the site should only be // accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be // converted to HTTPS. HSTS struct { // MaxAge establishes the time, in seconds, that the browser should remember that a site is only to be // accessed using HTTPS. // Optional. Defaults to 0. MaxAge uint `json:"max-age,omitempty"` // IncludeSubdomains is used to apply the HSTS settings to all of the site's subdomains as well. // Optional. IncludeSubdomains bool `json:"include-subdomains,omitempty"` // Preload will add the preload tag in the HSTS header. See https://hstspreload.org/ for details. // Optional. Preload bool `json:"preload,omitempty"` } `json:"hsts,omitempty"` // ContentSecurityPolicy sets the `Content-Security-Policy` header to enhance security against XSS. // Optional. ContentSecurityPolicy string `json:"content-security-policy,omitempty"` // ContentSecurityPolicyReportOnly would use the `Content-Security-Policy-Report-Only` header instead // of the `Content-Security-Policy` header. Used to report violations instead of blocking resources. // Optional. ContentSecurityPolicyReportOnly bool `json:"csp-report-only,omitempty"` // ReferrerPolicy sets the `Referrer-Policy` header providing security against leaking potentially sensitive // request paths to third parties. // Optional. ReferrerPolicy string `json:"referrer-policy,omitempty"` }
SafeBrowsingOptions defines how common response headers for safe browsing are added.
type TrailingSlashOptions ¶ added in v1.3.0
type TrailingSlashOptions struct { // Remove tells the middleware to remove trailing slashes if present. // If this setting is false, then the trailing slash is added if absent. Remove bool `json:"remove,omitempty"` // RedirectCode, if not zero, will make the middleware to return a redirect response. RedirectCode uint `json:"redirectCode,omitempty"` }
TrailingSlashOptions defines a middleware that adds or removes trailing slashes in paths.