headers

package
v1.131.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 27, 2025 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	HeaderWebsocketProtocol   = "Sec-WebSocket-Protocol" //https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Sec-WebSocket-Protocol
	HeaderWebsocketVersion    = "Sec-WebSocket-Version"
	HeaderWebsocketKey        = "Sec-WebSocket-Key"
	HeaderWebsocketAccept     = "Sec-WebSocket-Accept"
	HeaderWebsocketExtensions = "Sec-WebSocket-Extensions"
	HeaderConnection          = "Connection"
	HeaderVersion             = "Version"
	HeaderAcceptVersion       = "Accept-Version"
	HeaderHost                = "Host" // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/host
	// https://greenbytes.de/tech/webdav/draft-ietf-httpapi-deprecation-header-latest.html#sunset
	HeaderSunset      = "Sunset"      // https://datatracker.ietf.org/doc/html/rfc8594
	HeaderDeprecation = "Deprecation" // https://datatracker.ietf.org/doc/html/draft-ietf-httpapi-deprecation-header-02
	HeaderLink        = headers.Link  // https://datatracker.ietf.org/doc/html/rfc8288
	// TUS Headers https://tus.io/protocols/resumable-upload#headers
	HeaderUploadOffset = "Upload-Offset"
	HeaderTusVersion   = "Tus-Version"
	HeaderUploadLength = "Upload-Length"
	HeaderTusResumable = "Tus-Resumable"
	HeaderTusExtension = "Tus-Extension"
	HeaderTusMaxSize   = "Tus-Max-Size"
	// Verb tunnelling  (see https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-odata/bdbabfa6-8c4a-4741-85a9-8d93ffd66c41)
	// CAUTION see the security risk of supporting such headers https://www.sidechannel.blog/en/http-method-override-what-it-is-and-how-a-pentester-can-use-it/
	HeaderXHTTPMethodOverride = "X-HTTP-Method-Override"
	HeaderXHTTPMethod         = "X-HTTP-Method"
	HeaderXMethodOverride     = "X-Method-Override"
	HeaderXOverrideMethod     = "X-Override-Method"

	// TUS extensions Headers
	HeaderUploadMetadata    = "Upload-Metadata"        // See https://tus.io/protocols/resumable-upload#upload-metadata
	HeaderUploadDeferLength = "Upload-Defer-Length"    // See https://tus.io/protocols/resumable-upload#upload-defer-length
	HeaderUploadExpires     = "Upload-Expires"         // See https://tus.io/protocols/resumable-upload#upload-expires
	HeaderChecksumAlgorithm = "Tus-Checksum-Algorithm" // See https://tus.io/protocols/resumable-upload#tus-checksum-algorithm
	HeaderChecksum          = "Upload-Checksum"        // See https://tus.io/protocols/resumable-upload#upload-checksum
	HeaderUploadConcat      = "Upload-Concat"          // See https://tus.io/protocols/resumable-upload#upload-concat

	MIMEXWWWFormURLEncoded = "application/x-www-form-urlencoded"
	MIMETusUpload          = "application/offset+octet-stream"
)

Variables

View Source 
var (
	// VerbTunnellingHeaders defines the non-standard headers which can be used for Verb tunnelling  (see https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-odata/bdbabfa6-8c4a-4741-85a9-8d93ffd66c41)
	VerbTunnellingHeaders = []string{HeaderXHTTPMethodOverride, HeaderXHTTPMethod, HeaderXMethodOverride, HeaderXOverrideMethod}
	// SafeHeaders corresponds to headers which do not store personal data.
	SafeHeaders = []string{
		HeaderVersion,
		HeaderAcceptVersion,
		HeaderHost,
		HeaderSunset,
		HeaderDeprecation,
		HeaderLink,
		HeaderWebsocketVersion,
		HeaderWebsocketAccept,
		HeaderWebsocketExtensions,
		HeaderConnection,
		HeaderUploadOffset,
		HeaderTusVersion,
		HeaderUploadLength,
		HeaderTusResumable,
		HeaderTusExtension,
		HeaderTusMaxSize,
		HeaderXHTTPMethodOverride,
		HeaderUploadMetadata,
		HeaderUploadDeferLength,
		HeaderUploadExpires,
		HeaderChecksumAlgorithm,
		HeaderChecksum,
		HeaderUploadConcat,
		HeaderXHTTPMethod,
		HeaderXMethodOverride,
		HeaderXOverrideMethod,
		headers.Accept,
		headers.AcceptCharset,
		headers.AcceptEncoding,
		headers.AcceptLanguage,
		headers.CacheControl,
		headers.ContentLength,
		headers.ContentMD5,
		headers.ContentType,
		headers.DoNotTrack,
		headers.IfMatch,
		headers.IfModifiedSince,
		headers.IfNoneMatch,
		headers.IfRange,
		headers.IfUnmodifiedSince,
		headers.MaxForwards,
		headers.Pragma,
		headers.Range,
		headers.Referer,
		headers.UserAgent,
		headers.TE,
		headers.Via,
		headers.Warning,
		headers.AcceptDatetime,
		headers.XRequestedWith,
		headers.AccessControlAllowOrigin,
		headers.AccessControlAllowMethods,
		headers.AccessControlAllowHeaders,
		headers.AccessControlAllowCredentials,
		headers.AccessControlExposeHeaders,
		headers.AccessControlMaxAge,
		headers.AccessControlRequestMethod,
		headers.AccessControlRequestHeaders,
		headers.AcceptPatch,
		headers.AcceptRanges,
		headers.Allow,
		headers.ContentEncoding,
		headers.ContentLanguage,
		headers.ContentLocation,
		headers.ContentDisposition,
		headers.ContentRange,
		headers.ETag,
		headers.Expires,
		headers.LastModified,
		headers.Link,
		headers.Location,
		headers.P3P,
		headers.ProxyAuthenticate,
		headers.Refresh,
		headers.RetryAfter,
		headers.Server,
		headers.TransferEncoding,
		headers.Upgrade,
		headers.Vary,
		headers.XPoweredBy,
		headers.XHTTPMethodOverride,
		headers.XRatelimitLimit,
		headers.XRatelimitRemaining,
		headers.XRatelimitReset,
	}
	// NormalisedSafeHeaders returns a normalised list of safe headers
	NormalisedSafeHeaders = collection.Map[string, string](SafeHeaders, headers.Normalize) //nolint:misspell

)

Functions

func AddProductInformationToUserAgent 

func AddProductInformationToUserAgent(r *http.Request, product, productVersion, comment string) (err error)

AddProductInformationToUserAgent adds some product information to the `User Agent`.

func AddToUserAgent 

func AddToUserAgent(r *http.Request, elements ...string) (err error)

AddToUserAgent adds some information to the `User Agent`.

func CreateLinkHeader 

func CreateLinkHeader(link, relation, contentType string) string

CreateLinkHeader creates a link header for a relation and mimetype

func FetchAuthorisation 

func FetchAuthorisation(r *http.Request) string

FetchAuthorisation fetches the value of `Authorization` header.

func FetchUserAgent 

func FetchUserAgent(r *http.Request) string

FetchUserAgent fetches the value of the `User-Agent` header.

func FetchWebSocketSubProtocols 

func FetchWebSocketSubProtocols(r *http.Request) (subProtocols []string)

FetchWebSocketSubProtocols fetches the values of `Sec-WebSocket-Protocol` header https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Sec-WebSocket-Protocol.

func FetchWebsocketAuthorisation 

func FetchWebsocketAuthorisation(r *http.Request) (authorisationHeader string)

FetchWebsocketAuthorisation tries to find the authorisation header values in the case of websocket It will look in the `Authorization` header but will also look at some workaround suggested [here](https://ably.com/blog/websocket-authentication#:~:text=While%20the%20WebSocket%20browser%20API,token%20in%20the%20request%20header) and [there](https://github.com/kubernetes/kubernetes/pull/47740) If found using the workarounds, it will set the Authorization header with the determined value

func GenerateAuthorizationHeaderValue 

func GenerateAuthorizationHeaderValue(scheme string, token string) (value string, err error)

func ParseAuthorisationValue 

func ParseAuthorisationValue(authHeader string) (scheme string, token string, err error)

ParseAuthorisationValue determines the different element of a `Authorization` header value. and makes sure it has 2 parts <scheme> <token>

func ParseAuthorizationHeader 

func ParseAuthorizationHeader(r *http.Request) (string, string, error)

ParseAuthorizationHeader fetches the `Authorization` header and parses it.

func SetAuthorisation 

func SetAuthorisation(r *http.Request, authorisation string) (err error)

SetAuthorisation sets the value of the `Authorization` header.

func SetAuthorisationIfNotPresent 

func SetAuthorisationIfNotPresent(r *http.Request, authorisation string) (err error)

SetAuthorisationIfNotPresent sets the value of the `Authorization` header if not already set.

func SetAuthorisationToken 

func SetAuthorisationToken(r *http.Request, scheme, token string) (err error)

SetAuthorisationToken defines the `Authorization` header.

func SetContentLocationHeader 

func SetContentLocationHeader(w http.ResponseWriter, location string)

SetContentLocationHeader sets the `Content-Location` header

func SetLocationHeaders 

func SetLocationHeaders(w http.ResponseWriter, location string)

SetLocationHeaders sets the location errors for `POST` requests.

Types 

type Header struct {
	Key   string
	Value string
}

func (*Header) String 

func (h *Header) String() string

type Headers 

type Headers map[string]Header

func FromRequest added in v1.130.0 

func FromRequest(r *http.Request) *Headers

FromRequest returns request's headers

func FromResponse added in v1.130.0 

func FromResponse(resp *http.Response) *Headers

FromResponse returns response's headers

func NewHeaders 

func NewHeaders() *Headers

func SanitiseHeaders 

func SanitiseHeaders(requestHeader *http.Header) *Headers

SanitiseHeaders sanitises a collection of request headers not to include any with personal data

func (Headers) AllowList added in v1.130.0 

func (hs Headers) AllowList(key ...string) *Headers

AllowList return only safe headers and headers defined in the allow list.

func (Headers) Append 

func (hs Headers) Append(h *Header)

func (Headers) AppendHeader 

func (hs Headers) AppendHeader(key, value string)

func (Headers) AppendToRequest 

func (hs Headers) AppendToRequest(r *http.Request)

func (Headers) AppendToResponse 

func (hs Headers) AppendToResponse(w http.ResponseWriter)

func (Headers) Clone added in v1.130.0 

func (hs Headers) Clone() *Headers

func (Headers) DisallowList added in v1.130.0 

func (hs Headers) DisallowList(key ...string) *Headers

DisallowList returns the headers minus any header defined in the disallow list.

func (Headers) Empty 

func (hs Headers) Empty() bool

func (Headers) FromGoHTTPHeaders added in v1.130.0 

func (hs Headers) FromGoHTTPHeaders(headers *http.Header)

func (Headers) FromRequest added in v1.130.0 

func (hs Headers) FromRequest(r *http.Request)

func (Headers) FromResponse added in v1.130.0 

func (hs Headers) FromResponse(resp *http.Response)

func (Headers) Get added in v1.115.0 

func (hs Headers) Get(key string) string

func (Headers) GetHeader added in v1.130.0 

func (hs Headers) GetHeader(key string) (header *Header)

func (Headers) Has 

func (hs Headers) Has(h *Header) bool

func (Headers) HasHeader 

func (hs Headers) HasHeader(key string) bool

func (Headers) RemoveHeader added in v1.130.0 

func (hs Headers) RemoveHeader(key string)

func (Headers) RemoveHeaders added in v1.130.0 

func (hs Headers) RemoveHeaders(key ...string)

func (Headers) Sanitise added in v1.130.0 

func (hs Headers) Sanitise(allowList ...string)

Sanitise sanitises headers so no personal data is retained. It is possible to provide an allowed list of extra headers which would also be retained.

type IHTTPHeaders 

type IHTTPHeaders interface {
	AppendHeader(key, value string)
	Append(h *Header)
	Get(key string) string
	Has(h *Header) bool
	HasHeader(key string) bool
	Empty() bool
	AppendToResponse(w http.ResponseWriter)
}

IHTTPHeaders defines an HTTP header.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.