core

v1.0.2
Warning

This package is not in the latest version of its module.

Published: Jun 28, 2025 License: MIT Imports: 3 Imported by: 2

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func CSP

func CSP(key, value string) string

Types

type HeaderWriter

type HeaderWriter interface {
	SetHeader(key, value string)
	Next()
}

HeaderWriter is the interface that abstracts HTTP header writing across different frameworks

type MiddlewareFunc

type MiddlewareFunc func(HeaderWriter)

MiddlewareFunc is a function that takes a HeaderWriter and processes it
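A net/http adapter for the two types above, as an added example that is not the package's own code. It redeclares `HeaderWriter` and `MiddlewareFunc` locally so it runs without the module; `step`, `Wrap` and `static` are hypothetical names, and it assumes each middleware sets its header and then calls `Next()`, which the page does not state.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// HeaderWriter and MiddlewareFunc as declared in the documentation above.
type HeaderWriter interface {
	SetHeader(key, value string)
	Next()
}
type MiddlewareFunc func(HeaderWriter)

// step is a hypothetical net/http adapter; it is not part of the package.
type step struct {
	w    http.ResponseWriter
	next func() // runs the rest of the chain
}

func (s step) SetHeader(key, value string) { s.w.Header().Set(key, value) }
func (s step) Next() { s.next() }

// Wrap runs mws in order, so every header is set before next writes the body.
func Wrap(next http.Handler, mws ...MiddlewareFunc) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		run := func() { next.ServeHTTP(w, r) }
		for i := len(mws) - 1; i >= 0; i-- { // build the chain back to front
			mw, after := mws[i], run
			run = func() { mw(step{w: w, next: after}) }
		}
		run()
	})
}

// static stands in for a package middleware (assumed: set header, call Next).
func static(key, value string) MiddlewareFunc {
	return func(hw HeaderWriter) { hw.SetHeader(key, value); hw.Next() }
}

func main() {
	rec := httptest.NewRecorder() // constructed request/response pair, no network
	app := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, "ok") })
	h := Wrap(app, static("X-Content-Type-Options", "nosniff"))
	h.ServeHTTP(rec, httptest.NewRequest("GET", "/", nil))
	fmt.Println(rec.Header())
}
```

A middleware that never calls `Next()` stops the chain in this adapter, so the wrapped handler is not reached.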

func ClearSiteData

func ClearSiteData(types ...string) MiddlewareFunc

ClearSiteData clears specific types of data from the browser

func ContentSecurityPolicy

func ContentSecurityPolicy(opts ...string) MiddlewareFunc

ContentSecurityPolicy sets a header which restricts your browser to only allow certain sources for assets on your website. The function accepts a map of its parameters, which are appended to the header so you can control which headers should be set. The second parameter of the function is a boolean which, when set to true, tells the handler to also set legacy headers, like those that work in older versions of Chrome and Firefox.

Example usage:

helmet.ContentSecurityPolicy(
	helmet.CSP("default-src", "'self'"),
	helmet.CSP("img-src", "*"),
	helmet.CSP("media-src", "media1.com media2.com"),
	helmet.CSP("script-src", "userscripts.example.com"),
)

See [Content Security Policy on MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) for more info.

func ContentSecurityPolicyLegacy

func ContentSecurityPolicyLegacy(opts ...string) MiddlewareFunc

func CrossOriginEmbedderPolicy

func CrossOriginEmbedderPolicy(opt ...string) MiddlewareFunc

CrossOriginEmbedderPolicy (COEP) helps isolate your document from other origins

func CrossOriginOpenerPolicy

func CrossOriginOpenerPolicy(opt ...string) MiddlewareFunc

CrossOriginOpenerPolicy (COOP) helps isolate your document from other origins

func CrossOriginResourcePolicy

func CrossOriginResourcePolicy(opt ...string) MiddlewareFunc

CrossOriginResourcePolicy (CORP) helps isolate your document from other origins

func DNSPrefetchControl

func DNSPrefetchControl() MiddlewareFunc

DNSPrefetchControl sets the Prefetch Control header to prevent the browser from prefetching DNS

func Default

func Default() []MiddlewareFunc

Default returns a slice of middleware functions that are recommended for basic HTTP(S) protection

func ExpectCT deprecated

func ExpectCT(maxAge int, enforce bool, reportURI ...string) MiddlewareFunc

ExpectCT sets the Certificate Transparency header, which can enforce that you're using a certificate which is ready for the upcoming Chrome requirements policy. The function accepts a maxAge int, which is the TTL for the policy in delta seconds; an enforce boolean, which simply adds an enforce directive to the policy (otherwise it's report-only mode); and an optional reportURI, which is the URI to which report information is sent when the policy is violated.

Deprecated: Expect-CT is mostly obsolete as of June 2021.

func FrameGuard

func FrameGuard(opt ...string) MiddlewareFunc

FrameGuard sets the Frame Options header to deny, which prevents content from the website from being served in an iframe

func IENoOpen

func IENoOpen() MiddlewareFunc

IENoOpen sets Download Options header for Internet Explorer to prevent it from executing downloads in the site's context

func NoCache

func NoCache() MiddlewareFunc

NoCache obliterates cache options by setting a number of headers. This prevents the browser from storing your assets in cache

func NoRobotIndex

func NoRobotIndex() MiddlewareFunc

NoRobotIndex applies a header to protect your server from being indexed by robots

func NoSniff

func NoSniff() MiddlewareFunc

NoSniff applies a header to protect your server from MIME type sniffing

func PermissionsPolicy

func PermissionsPolicy(policy string) MiddlewareFunc

PermissionsPolicy sets the Permissions Policy header to control which browser features can be used

func Referrer

func Referrer(opt ...string) MiddlewareFunc

Referrer sets the Referrer Policy header to prevent the browser from sending data from your website to another one upon navigation. An optional string can be provided to set the policy to something other than "strict-origin-when-cross-origin".

func SetHPKP

func SetHPKP(keys []string, maxAge int, sub bool, reportURI ...string) MiddlewareFunc

SetHPKP sets HTTP Public Key Pinning for your server. It is not necessarily a great thing to set this without proper knowledge of what it does. [Read here](https://developer.mozilla.org/en-US/docs/Web/HTTP/Public_Key_Pinning) first; otherwise you may well end up DoS-ing your own server and domain. The function accepts a list of keys, a maxAge, a sub boolean, and an optional reportURI. NOTE: HPKP is deprecated and not recommended for use.

Example usage:

keys := []string{"cUPcTAZWKaASuYWhhneDttWpY3oBAkE3h2+soZS7sWs=", "M8HztCzM3elUxkcjR2S5P4hhyBNf6lHkmjAHKhpGPWE="}
helmet.SetHPKP(keys, 5184000, true, "domain.com")

func SetHSTS

func SetHSTS(sub bool, opt ...int) MiddlewareFunc

SetHSTS sets the Strict Transport Security header to the default of 60 days. An optional integer may be added as a parameter to set the amount in seconds.

func XSSFilter

func XSSFilter() MiddlewareFunc

XSSFilter applies very minimal XSS protection by setting the XSS Protection header on. NOTE: X-XSS-Protection is deprecated. Use Content Security Policy instead.
