security

package
v1.1.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 12, 2026 License: BSD-3-Clause Imports: 5 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// CSRFTokenHeader is the name of the header used to send the CSRF token in requests.
	//nolint:gosec // really?
	CSRFTokenHeader = "X-Krb-Csrf-Token"

	SessionCookieName = "session"
	RefreshCookieName = "refresh"
	CSRFCookieName    = "csrf"
)

Variables

This section is empty.

Functions

func CORSMiddleware

func CORSMiddleware(next http.Handler) http.Handler

CORSMiddleware is a middleware that adds CORS headers to the response. TODO: implement whitelist support for allowed origins.

func CSRFMiddleware

func CSRFMiddleware(next http.Handler) http.Handler

CSRFMiddleware is an HTTP middleware that checks for the presence of a valid CSRF token in requests. It should be used for all endpoints that modify state (e.g., POST, PUT, DELETE).

func CSRFMiddlewareWithExemptions

func CSRFMiddlewareWithExemptions(exemptSuffixes []string) func(http.Handler) http.Handler

func GetCSRFToken

func GetCSRFToken(maxAgeSeconds int) *http.Cookie

GetCSRFToken generates a new CSRF token and returns it as an HTTP cookie.

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL