secure

package
v0.2.0 Latest
Warning

This package is not in the latest version of its module.
Published: Mar 10, 2026 License: EUPL-1.2 Imports: 5 Imported by: 0

Documentation

Overview

Package secure provides security response headers as a burrow contrib app. It wraps github.com/unrolled/secure and sets sensible defaults for X-Content-Type-Options, X-Frame-Options, Referrer-Policy, and HSTS.

By default, HSTS is enabled when the server's BaseURL uses HTTPS and disabled for plain HTTP. Content-Security-Policy, Permissions-Policy, and Cross-Origin-Opener-Policy are not set unless explicitly configured, as no safe universal default exists for these headers.
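A deployment check for the behaviour described above, as an added example that is not part of the burrow package or its documentation. It uses only the Go standard library; `Probe`, `StandIn`, the finding strings, and the sample header values and host name are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Headers the overview lists as defaults, and those left to explicit configuration.
var alwaysOn = []string{"X-Content-Type-Options", "X-Frame-Options", "Referrer-Policy"}
var optIn = []string{"Content-Security-Policy", "Permissions-Policy", "Cross-Origin-Opener-Policy"}

// Probe (hypothetical helper) sends one GET through handler and lists deviations from the documented behaviour.
func Probe(baseURL string, handler http.Handler) []string {
	https := strings.HasPrefix(strings.ToLower(baseURL), "https://")
	rec := httptest.NewRecorder()
	handler.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, baseURL, nil))
	h := rec.Result().Header
	var findings []string
	check := func(names []string, msg string) {
		for _, n := range names {
			if h.Get(n) == "" {
				findings = append(findings, msg+n)
			}
		}
	}
	check(alwaysOn, "missing default header: ")
	// HSTS is expected exactly when BaseURL is HTTPS.
	if hsts := h.Get("Strict-Transport-Security") != ""; hsts != https {
		findings = append(findings, fmt.Sprintf("HSTS sent=%t, BaseURL https=%t", hsts, https))
	}
	check(optIn, "opt-in header not configured: ")
	return findings
}

// StandIn is a constructed stand-in for the application under test, not burrow code.
func StandIn(set map[string]string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		for k, v := range set {
			w.Header().Set(k, v)
		}
	})
}

func main() {
	hdrs := map[string]string{"X-Content-Type-Options": "nosniff", "Referrer-Policy": "same-origin"}
	fmt.Println(strings.Join(Probe("https://app.example.test/", StandIn(hdrs)), "\n"))
}
```

In a real test suite, pass the application's own handler to `Probe` in place of `StandIn`, with the same BaseURL the server is configured with.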


Types

type App

type App struct {
	// contains filtered or unexported fields
}

App implements security response headers as a burrow contrib app.

func New

func New(opts ...Option) *App

New creates a new secure headers app with the given options.

Example
package main

import (
	"fmt"

	"github.com/oliverandrich/burrow/contrib/secure"
)

func main() {
	// Zero-config: sets X-Content-Type-Options, X-Frame-Options,
	// Referrer-Policy, and auto-detects HSTS from BaseURL.
	app := secure.New()
	fmt.Println(app.Name())
}
Output:

secure

func (*App) Configure

func (a *App) Configure(cmd *cli.Command) error

func (*App) Flags

func (a *App) Flags(configSource func(key string) cli.ValueSource) []cli.Flag

func (*App) Middleware

func (a *App) Middleware() []func(http.Handler) http.Handler

func (*App) Name

func (a *App) Name() string

func (*App) Register

func (a *App) Register(cfg *burrow.AppConfig) error

type Option

type Option func(*App)

Option configures the secure app.

func WithAllowedHosts

func WithAllowedHosts(hosts ...string) Option

WithAllowedHosts sets the list of allowed hostnames for Host header validation.

func WithContentSecurityPolicy

func WithContentSecurityPolicy(csp string) Option

WithContentSecurityPolicy sets the Content-Security-Policy header.

Example
package main

import (
	"fmt"

	"github.com/oliverandrich/burrow/contrib/secure"
)

func main() {
	app := secure.New(
		secure.WithContentSecurityPolicy("default-src 'self'; script-src 'self'"),
		secure.WithPermissionsPolicy("camera=(), microphone=()"),
	)
	fmt.Println(app.Name())
}
Output:

secure

func WithCrossOriginOpenerPolicy

func WithCrossOriginOpenerPolicy(coop string) Option

WithCrossOriginOpenerPolicy sets the Cross-Origin-Opener-Policy header.

func WithDevelopment

func WithDevelopment(dev bool) Option

WithDevelopment forces development mode on or off, overriding auto-detection.

func WithPermissionsPolicy

func WithPermissionsPolicy(pp string) Option

WithPermissionsPolicy sets the Permissions-Policy header.

func WithSSLProxyHeaders

func WithSSLProxyHeaders(headers map[string]string) Option

WithSSLProxyHeaders sets proxy headers used to detect HTTPS behind a reverse proxy.

func WithSSLRedirect

func WithSSLRedirect(redirect bool) Option

WithSSLRedirect enables or disables HTTP-to-HTTPS redirect.
