Documentation
Overview ¶
Package secure is middleware that provides protection against cross-site scripting (XSS) attacks, content type sniffing, clickjacking, insecure connections and other code injection attacks.
Index ¶
Constants ¶
This section is empty.
Variables ¶
var DefaultConfig = Config{
	Enabled:               true,
	Skipper:               middleware.DefaultSkipper,
	XSSProtection:         "1; mode=block",
	ContentTypeNosniff:    "nosniff",
	XFrameOptions:         "SAMEORIGIN",
	HSTSPreloadEnabled:    false,
	HSTSMaxAge:            31536000,
	ContentSecurityPolicy: "default-src 'self'",
	ReferrerPolicy:        "same-origin",
	CSPReportOnly:         false,
}
DefaultConfig is a populated config struct that can be referenced if the default koanf configurations are not available.
Functions ¶
func Secure ¶
func Secure(conf *Config) echo.MiddlewareFunc
Secure returns a secure middleware with default settings unless overridden via the config.
Types ¶
type Config ¶ added in v0.3.6
type Config struct {
	// Enabled indicates if the secure middleware should be enabled
	Enabled bool `json:"enabled" koanf:"enabled" default:"true"`
	// Skipper defines a function to skip middleware
	Skipper middleware.Skipper `json:"-" koanf:"-"`
	// XSSProtection is the value to set the X-XSS-Protection header to - default is 1; mode=block
	XSSProtection string `json:"xssprotection" koanf:"xssprotection" default:"1; mode=block"`
	// ContentTypeNosniff is the value to set the X-Content-Type-Options header to - default is nosniff
	ContentTypeNosniff string `json:"contenttypenosniff" koanf:"contenttypenosniff" default:"nosniff"`
	// XFrameOptions is the value to set the X-Frame-Options header to - default is SAMEORIGIN
	XFrameOptions string `json:"xframeoptions" koanf:"xframeoptions" default:"SAMEORIGIN"`
	// HSTSPreloadEnabled is a boolean to enable HSTS preloading - default is false
	HSTSPreloadEnabled bool `json:"hstspreloadenabled" koanf:"hstspreloadenabled" default:"false"`
	// HSTSMaxAge is the max age to set the HSTS header to - default is 31536000
	HSTSMaxAge int `json:"hstsmaxage" koanf:"hstsmaxage" default:"31536000"`
	// ContentSecurityPolicy is the value to set the Content-Security-Policy header to - default is default-src 'self'
	ContentSecurityPolicy string `json:"contentsecuritypolicy" koanf:"contentsecuritypolicy" default:"default-src 'self'"`
	// ReferrerPolicy is the value to set the Referrer-Policy header to - default is same-origin
	ReferrerPolicy string `json:"referrerpolicy" koanf:"referrerpolicy" default:"same-origin"`
	// CSPReportOnly is a boolean to enable the Content-Security-Policy-Report-Only header - default is false
	CSPReportOnly bool `json:"cspreportonly" koanf:"cspreportonly" default:"false"`
}
Config contains the types used in the mw middleware
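As an added example (not part of this package's own code), the helper below audits a response's headers against the DefaultConfig values documented above, including the case where a policy is only sent as Content-Security-Policy-Report-Only and is therefore not enforced. `AuditHeaders` and `documentedDefaults` are hypothetical names, and the HSTS check assumes HSTSMaxAge is emitted as the standard max-age directive.

```go
package main

import (
	"fmt"
	"net/http"
	"sort"
	"strings"
)

// documentedDefaults maps header names to the DefaultConfig values on this page.
var documentedDefaults = map[string]string{
	"X-XSS-Protection":        "1; mode=block",
	"X-Content-Type-Options":  "nosniff",
	"X-Frame-Options":         "SAMEORIGIN",
	"Content-Security-Policy": "default-src 'self'",
	"Referrer-Policy":         "same-origin",
}

// AuditHeaders (hypothetical helper) reports headers that are missing or differ
// from the defaults. HSTS is checked only for TLS (browsers ignore it on HTTP).
func AuditHeaders(h http.Header, overTLS bool) []string {
	var findings []string
	for name, want := range documentedDefaults {
		got := h.Get(name)
		switch {
		case got == "" && name == "Content-Security-Policy" &&
			h.Get("Content-Security-Policy-Report-Only") != "":
			findings = append(findings, name+": report-only, policy is not enforced")
		case got == "":
			findings = append(findings, name+": missing")
		case got != want:
			findings = append(findings, fmt.Sprintf("%s: got %q, want %q", name, got, want))
		}
	}
	// Assumption: HSTSMaxAge is emitted as the max-age directive (RFC 6797).
	if overTLS && !strings.Contains(h.Get("Strict-Transport-Security"), "max-age=31536000") {
		findings = append(findings, "Strict-Transport-Security: max-age=31536000 not set")
	}
	sort.Strings(findings) // map iteration order is random; keep output stable
	return findings
}

func main() {
	// Constructed sample response headers, not captured from a real server.
	h := http.Header{}
	h.Set("X-Frame-Options", "DENY")
	h.Set("Content-Security-Policy-Report-Only", "default-src 'self'")
	fmt.Println(strings.Join(AuditHeaders(h, true), "\n"))
}
```

A check like this fits in an integration test that requests a route behind the middleware and fails the build when the findings list is non-empty.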