secure

v0.0.0-...-93a865a

This package is not in the latest version of its module.
Published: Jan 30, 2016 | License: MIT | Imports: 5 | Imported by: 2

Documentation

Overview

Package secure is a handler for the core (https://godoc.org/github.com/volatile/core). It provides quick security wins.

Usage

Use adds the handler to the default handlers stack:

secure.Use(nil)

Make sure to include the handler above any other handlers that alter the response body.

See Options reference for custom settings.

Index

Constants

const (
	// HPKPDefaultMaxAge provides a default HPKP Max-Age value of 30 days.
	HPKPDefaultMaxAge = 30 * 24 * time.Hour
	// HSTSDefaultMaxAge provides a default HSTS Max-Age value of 30 days.
	HSTSDefaultMaxAge = 30 * 24 * time.Hour
	// HSTSPreloadMinAge is the lowest max age usable with HSTS preload. See https://hstspreload.appspot.com.
	HSTSPreloadMinAge = 10886400
)

Variables

This section is empty.

Functions

func Use

func Use(options *Options)

Use adds the handler to the default handlers stack.

Types

type HPKPOptions

type HPKPOptions struct {
	Keys              []string      // Keys contains the Base64 encoded Subject Public Key Information (SPKI) fingerprints. This field is required.
	MaxAge            time.Duration // MaxAge indicates how long the browser should remember that this site is only to be accessed using one of the pinned keys. This field is required.
	IncludeSubdomains bool          // IncludeSubdomains indicates whether HPKP applies to all of the site's subdomains as well.
	ReportURI         string        // ReportURI is the URL to which validation failures are reported.
}

HPKPOptions represents HTTP Public Key Pinning options. See RFC 7469 and https://developer.mozilla.org/en-US/docs/Web/Security/Public_Key_Pinning.
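The Keys field expects RFC 7469 pins. As an added example (not part of this package's code), the following derives such pins from public keys with the Go standard library and enforces a minimum precondition of RFC 7469, a second distinct pin to act as backup. PinSet and constructedKey are hypothetical helpers, and the keys are constructed sample input.

```go
package main

import (
	"crypto"
	"crypto/ed25519"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"fmt"
)

// SPKIPin returns the RFC 7469 pin for a public key: Base64 of the SHA-256 digest of
// its DER SubjectPublicKeyInfo (for a certificate: cert.RawSubjectPublicKeyInfo).
func SPKIPin(pub crypto.PublicKey) (string, error) {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(der)
	return base64.StdEncoding.EncodeToString(sum[:]), nil
}

// PinSet (hypothetical helper) builds HPKPOptions.Keys; it insists on a distinct backup pin.
func PinSet(pubs ...crypto.PublicKey) ([]string, error) {
	pins, seen := []string{}, map[string]bool{}
	for _, pub := range pubs {
		p, err := SPKIPin(pub)
		if err != nil {
			return nil, err
		}
		if !seen[p] {
			seen[p] = true
			pins = append(pins, p)
		}
	}
	if len(pins) < 2 {
		return nil, fmt.Errorf("got %d distinct pin(s), need at least 2 (one backup)", len(pins))
	}
	return pins, nil
}

// constructedKey derives a throwaway Ed25519 public key (constructed sample input).
func constructedKey(n int) crypto.PublicKey {
	return ed25519.NewKeyFromSeed([]byte(fmt.Sprintf("%032d", n))).Public()
}

func main() {
	fmt.Println(PinSet(constructedKey(1), constructedKey(2)))
}
```

The backup pin should belong to a key that is kept offline and is not in the served certificate chain, so the site stays reachable after a key rotation or compromise.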

type HSTSOptions

type HSTSOptions struct {
	MaxAge            time.Duration // MaxAge indicates how long the browser should remember that this site is only to be accessed using HTTPS. This field is required.
	IncludeSubdomains bool          // IncludeSubdomains indicates whether HSTS applies to all of the site's subdomains as well.
	Preload           bool          // Preload indicates whether the browsers must use a secure connection. It's not a standard. See https://hstspreload.appspot.com.
}

HSTSOptions represents HTTP Strict Transport Security options. See RFC 6797 and https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security.

type Options

type Options struct {
	AllowedHosts []string     // AllowedHosts indicates which fully qualified domain names are allowed to point to this server. If none are set, all are allowed.
	CSP          string       // CSP contains Content Security Policy for responses. See http://www.w3.org/TR/CSP/ and https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Using_Content_Security_Policy.
	FrameAllowed bool         // FrameAllowed indicates whether the browsers can display the response in a frame, regardless of the site attempting to do so.
	HPKP         *HPKPOptions // HPKP contains the HTTP Public Key Pinning options.
	HSTS         *HSTSOptions // HSTS contains the HTTP Strict Transport Security options.
	SSLForced    bool         // SSLForced indicates whether an insecure request must be redirected to the secure protocol.
}

Options represents security options.
