middleware

package
v1.18.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 25, 2026 License: Apache-2.0 Imports: 2 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var SecurityHeaderDefaults = map[string]string{
	"X-Content-Type-Options":       "nosniff",
	"X-Frame-Options":              "DENY",
	"Strict-Transport-Security":    "max-age=31536000; includeSubDomains",
	"Referrer-Policy":              "strict-origin-when-cross-origin",
	"Cache-Control":                "no-store",
	"Cross-Origin-Opener-Policy":   "same-origin",
	"Cross-Origin-Resource-Policy": "same-site",
}

Functions

func SecurityHeadersMiddleware

func SecurityHeadersMiddleware(customHeaders map[string]string) func(http.Handler) http.Handler

SecurityHeadersMiddleware returns an HTTP middleware that adds baseline security headers to every response. customHeaders overrides or extends the defaults. Content-Security-Policy is managed at the infrastructure level and is omitted from the defaults.

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL