middleware helemt changes

2025-03-21 13:00:31 +05:30
parent aa6ba87f4e
commit e6a8880fd3
4 changed files with 11 additions and 16 deletions
--- a/middleware/helmet.go
+++ b/middleware/helmet.go
@@ -102,19 +102,16 @@ const (
 	YearDuration = 365 * 24 * 60 * 60

 	// EmbedderDefault default value will be "require-corp"
-	EmbedderDefault        Embedder = ""
 	EmbedderRequireCorp    Embedder = "require-corp"
 	EmbedderCredentialLess Embedder = "credentialless"
 	EmbedderUnsafeNone     Embedder = "unsafe-none"

 	// OpenerDefault default value will be "same-origin"
-	OpenerDefault               Opener = ""
 	OpenerSameOrigin            Opener = "same-origin"
 	OpenerSameOriginAllowPopups Opener = "same-origin-allow-popups"
 	OpenerUnsafeNone            Opener = "unsafe-none"

 	// ResourceDefault default value will be "same-origin"
-	ResourceDefault     Resource = ""
 	ResourceSameOrigin  Resource = "same-origin"
 	ResourceSameSite    Resource = "same-site"
 	ResourceCrossOrigin Resource = "cross-origin"
@@ -129,14 +126,12 @@ const (
 	UnsafeUrl                   Referrer = "unsafe-url"

 	// CDPDefault default value is  "none"
-	CDPDefault       CDP = ""
 	CDPNone          CDP = "none"
 	CDPMasterOnly    CDP = "master-only"
 	CDPByContentType CDP = "by-content-type"
 	CDPAll           CDP = "all"

 	// XFrameDefault default value will be "sameorigin"
-	XFrameDefault    XFrame = ""
 	XFrameSameOrigin XFrame = "sameorigin"
 	XFrameDeny       XFrame = "deny"
 )
@@ -148,21 +143,21 @@ func Helmet(opt HelmetOption) func(http.Handler) http.Handler {
 			w.Header().Add("Content-Security-Policy", opt.ContentSecurityPolicy.value())

 			// Cross-Origin-Embedder-Policy, if nil set default
-			if opt.CrossOriginEmbedderPolicy == EmbedderDefault {
+			if opt.CrossOriginEmbedderPolicy == "" {
 				w.Header().Add("Cross-Origin-Embedder-Policy", string(EmbedderRequireCorp))
 			} else {
 				w.Header().Add("Cross-Origin-Embedder-Policy", string(opt.CrossOriginEmbedderPolicy))
 			}

 			// Cross-Origin-Opener-Policy, if nil set default
-			if opt.CrossOriginOpenerPolicy == OpenerDefault {
+			if opt.CrossOriginOpenerPolicy == "" {
 				w.Header().Add("Cross-Origin-Opener-Policy", string(OpenerSameOrigin))
 			} else {
 				w.Header().Add("Cross-Origin-Opener-Policy", string(opt.CrossOriginOpenerPolicy))
 			}

 			// Cross-Origin-Resource-Policy, if nil set default
-			if opt.CrossOriginResourcePolicy == ResourceDefault {
+			if opt.CrossOriginResourcePolicy == "" {
 				w.Header().Add("Cross-Origin-Resource-Policy", string(ResourceSameOrigin))
 			} else {
 				w.Header().Add("Cross-Origin-Resource-Policy", string(opt.CrossOriginResourcePolicy))
@@ -223,13 +218,13 @@ func Helmet(opt HelmetOption) func(http.Handler) http.Handler {
 			}

 			// indicate whether a browser should be allowed to render a page in iframe | frame | embed | object
-			if opt.XFrameOption == XFrameDefault {
+			if opt.XFrameOption == "" {
 				w.Header().Add("X-Frame-Options", string(XFrameSameOrigin))
 			} else {
 				w.Header().Add("X-Frame-Options", string(opt.XFrameOption))
 			}

-			if opt.CrossDomainPolicies == CDPDefault {
+			if opt.CrossDomainPolicies == "" {
 				w.Header().Add("X-Permitted-Cross-Domain-Policies", string(CDPNone))
 			} else {
 				w.Header().Add("X-Permitted-Cross-Domain-Policies", string(opt.CrossDomainPolicies))