headers

package
v0.1.24 Latest
This package is not in the latest version of its module.
Published: Apr 10, 2025 License: MIT Imports: 7 Imported by: 0

Documentation

Index

Constants

const ReferrerNoReferrer = "no-referrer"

ReferrerNoReferrer sends no Referrer information.

const ReferrerNoReferrerWhenDowngrade = "no-referrer-when-downgrade"

ReferrerNoReferrerWhenDowngrade omits the Referrer only when going from HTTPS to HTTP.

const ReferrerSameOrigin = "same-origin"

ReferrerSameOrigin sends the Referrer only for same-origin requests.

const ReferrerStrictOrigin = "strict-origin"

ReferrerStrictOrigin sends only the origin (strict).

const ReferrerStrictOriginWhenCrossOrigin = "strict-origin-when-cross-origin"

ReferrerStrictOriginWhenCrossOrigin sends only the origin on cross-origin requests (strict).

const XFrameDeny = "DENY"

XFrameDeny denies all iframe embedding.

const XFrameSameOrigin = "SAMEORIGIN"

XFrameSameOrigin allows iframe embedding only from the same origin.

Variables

This section is empty.

Functions

func CSPBasic

func CSPBasic() string

CSPBasic returns a basic CSP policy.

func CSPModern added in v0.1.24

func CSPModern() string

CSPModern returns a CSP policy suited to modern web applications.

func CSPStrict

func CSPStrict() string

CSPStrict returns a strict CSP policy.

func DefaultDocumentPolicy added in v0.1.24

func DefaultDocumentPolicy() string

DefaultDocumentPolicy returns the default document policy.

func DefaultPermissionsPolicy added in v0.1.24

func DefaultPermissionsPolicy() string

DefaultPermissionsPolicy returns the default permissions policy.

func DefaultReportingEndpoints added in v0.1.24

func DefaultReportingEndpoints(endpoint string) string

DefaultReportingEndpoints returns the default reporting endpoints configuration.

func HSTSValue

func HSTSValue(maxAge int, includeSubdomains bool, preload bool) string

HSTSValue generates the HSTS header value.

func New

func New(options ...func(*Config)) mist.Middleware

New creates a new security headers middleware.

func WithCSPReporting added in v0.1.24

func WithCSPReporting(enabled bool) func(*Config)

WithCSPReporting sets the CSP reporting mode.

func WithContentSecurityPolicy

func WithContentSecurityPolicy(policy string) func(*Config)

WithContentSecurityPolicy sets the Content Security Policy.

func WithContentTypeNoSniff

func WithContentTypeNoSniff(enabled bool) func(*Config)

WithContentTypeNoSniff sets content-type sniffing protection.

func WithCrossOriginPolicies

func WithCrossOriginPolicies(embedder, opener, resource string) func(*Config)

WithCrossOriginPolicies sets the cross-origin policies.

func WithDocumentPolicy added in v0.1.24

func WithDocumentPolicy(policy string) func(*Config)

WithDocumentPolicy sets the document policy.

func WithExpectCT

func WithExpectCT(enabled bool, maxAge int, enforce bool) func(*Config)

WithExpectCT sets Expect-CT.

func WithHSTS

func WithHSTS(enabled bool, maxAge int, includeSubdomains bool, preload bool) func(*Config)

WithHSTS sets HSTS.

func WithNonce added in v0.1.24

func WithNonce(enabled bool) func(*Config)

WithNonce sets whether the nonce is enabled.

func WithPermissionsPolicy

func WithPermissionsPolicy(policy string) func(*Config)

WithPermissionsPolicy sets the permissions policy.

func WithReferrerPolicy

func WithReferrerPolicy(policy string) func(*Config)

WithReferrerPolicy sets the referrer policy.

func WithReportURI added in v0.1.24

func WithReportURI(uri string) func(*Config)

WithReportURI sets the report URI.

func WithReportingEndpoints added in v0.1.24

func WithReportingEndpoints(endpoints string) func(*Config)

WithReportingEndpoints sets the reporting endpoints.

func WithUpgradeInsecureRequests added in v0.1.24

func WithUpgradeInsecureRequests(enabled bool) func(*Config)

WithUpgradeInsecureRequests sets whether upgrading insecure requests is enabled.

func WithXFrameOptions

func WithXFrameOptions(option string) func(*Config)

WithXFrameOptions sets X-Frame-Options.

func WithXSSProtection

func WithXSSProtection(enabled bool) func(*Config)

WithXSSProtection sets XSS protection.

func XFrameAllowFrom

func XFrameAllowFrom(uri string) string

XFrameAllowFrom allows iframe embedding from a specific origin.

Types

type CSPBuilder

type CSPBuilder struct {
	// contains filtered or unexported fields
}

CSPBuilder is a builder for constructing Content Security Policies.

func NewCSPBuilder

func NewCSPBuilder() *CSPBuilder

NewCSPBuilder creates a new CSP builder.

func (*CSPBuilder) Add

func (b *CSPBuilder) Add(directive string, values ...string) *CSPBuilder

Add adds a Content Security Policy directive.

func (*CSPBuilder) RequireSRI added in v0.1.24

func (b *CSPBuilder) RequireSRI(directive string, require bool) *CSPBuilder

RequireSRI requires the use of SRI for a specific directive.

func (*CSPBuilder) String

func (b *CSPBuilder) String() string

String generates the Content Security Policy string.

type Config

type Config struct {
	// XSSProtection enables XSS protection
	XSSProtection bool
	// ContentTypeNoSniff disables content-type sniffing
	ContentTypeNoSniff bool
	// XFrameOptions is the X-Frame-Options setting
	XFrameOptions string
	// HSTS indicates whether HTTP Strict Transport Security is enabled
	HSTS bool
	// HSTSMaxAge is the HSTS max age (seconds)
	HSTSMaxAge int
	// HSTSIncludeSubdomains indicates whether subdomains are included
	HSTSIncludeSubdomains bool
	// HSTSPreload indicates whether preload is enabled
	HSTSPreload bool
	// ContentSecurityPolicy is the Content Security Policy
	ContentSecurityPolicy string
	// ReferrerPolicy is the referrer policy
	ReferrerPolicy string
	// PermissionsPolicy is the permissions policy
	PermissionsPolicy string
	// XContentTypeOptions is the X-Content-Type-Options header
	XContentTypeOptions string
	// ExpectCT is the Certificate Transparency expectation
	ExpectCT bool
	// ExpectCTMaxAge is the Expect-CT max age (seconds)
	ExpectCTMaxAge int
	// ExpectCTEnforce indicates whether Expect-CT is enforced
	ExpectCTEnforce bool
	// CrossOriginEmbedderPolicy is the cross-origin embedder policy
	CrossOriginEmbedderPolicy string
	// CrossOriginOpenerPolicy is the cross-origin opener policy
	CrossOriginOpenerPolicy string
	// CrossOriginResourcePolicy is the cross-origin resource policy
	CrossOriginResourcePolicy string
	// DocumentPolicy is the document policy
	DocumentPolicy string
	// ReportTo is the violation reporting configuration
	ReportTo string
	// ReportURI is the CSP violation report URI
	ReportURI string
	// EnableNonce indicates whether the CSP nonce is enabled
	EnableNonce bool
	// EnableUpgradeInsecureRequests indicates whether upgrading insecure requests is enabled
	EnableUpgradeInsecureRequests bool
	// CSPReporting indicates whether CSP reporting mode is enabled
	CSPReporting bool
}

Config is the security headers configuration.

func DefaultConfig

func DefaultConfig() Config

DefaultConfig returns the default security headers configuration.
