middleware helmet changes.
router check and panic message change. README enhancement
@@ -1,3 +1,7 @@
|
||||
// Author: Ankit Patial
|
||||
// inspired from Helmet.js
|
||||
// https://github.com/helmetjs/helmet/tree/main
|
||||
|
||||
package middleware
|
||||
|
||||
import (
|
||||
@@ -6,9 +10,6 @@ import (
|
||||
"strings"
|
||||
)
|
||||
|
||||
// inspired from Helmet.js
|
||||
// https://github.com/helmetjs/helmet/tree/main
|
||||
|
||||
type (
|
||||
HelmetOption struct {
|
||||
ContentSecurityPolicy CSP
|
||||
@@ -101,16 +102,16 @@ type (
|
||||
const (
|
||||
YearDuration = 365 * 24 * 60 * 60
|
||||
|
||||
// EmbedderDefault default value will be "require-corp"
|
||||
EmbedderRequireCorp Embedder = "require-corp"
|
||||
EmbedderCredentialLess Embedder = "credentialless"
|
||||
EmbedderUnsafeNone Embedder = "unsafe-none"
|
||||
|
||||
// OpenerDefault default value will be "same-origin"
|
||||
// OpenerSameOrigin is default if no value supplied
|
||||
OpenerSameOrigin Opener = "same-origin"
|
||||
OpenerSameOriginAllowPopups Opener = "same-origin-allow-popups"
|
||||
OpenerUnsafeNone Opener = "unsafe-none"
|
||||
|
||||
// EmbedderDefault is default if no value supplied
|
||||
EmbedderRequireCorp Embedder = "require-corp"
|
||||
EmbedderCredentialLess Embedder = "credentialless"
|
||||
EmbedderUnsafeNone Embedder = "unsafe-none"
|
||||
|
||||
// ResourceDefault default value will be "same-origin"
|
||||
ResourceSameOrigin Resource = "same-origin"
|
||||
ResourceSameSite Resource = "same-site"
|
||||
@@ -125,13 +126,13 @@ const (
|
||||
StrictOriginWhenCrossOrigin Referrer = "strict-origin-when-cross-origin"
|
||||
UnsafeUrl Referrer = "unsafe-url"
|
||||
|
||||
// CDPDefault default value is "none"
|
||||
// CDPNone is default if no value supplied
|
||||
CDPNone CDP = "none"
|
||||
CDPMasterOnly CDP = "master-only"
|
||||
CDPByContentType CDP = "by-content-type"
|
||||
CDPAll CDP = "all"
|
||||
|
||||
// XFrameDefault default value will be "sameorigin"
|
||||
// XFrameSameOrigin is default if no value supplied
|
||||
XFrameSameOrigin XFrame = "sameorigin"
|
||||
XFrameDeny XFrame = "deny"
|
||||
)
|
||||
@@ -142,21 +143,14 @@ func Helmet(opt HelmetOption) func(http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Add("Content-Security-Policy", opt.ContentSecurityPolicy.value())
|
||||
|
||||
// Cross-Origin-Embedder-Policy, if nil set default
|
||||
if opt.CrossOriginEmbedderPolicy == "" {
|
||||
w.Header().Add("Cross-Origin-Embedder-Policy", string(EmbedderRequireCorp))
|
||||
} else {
|
||||
w.Header().Add("Cross-Origin-Embedder-Policy", string(opt.CrossOriginEmbedderPolicy))
|
||||
}
|
||||
|
||||
// Cross-Origin-Opener-Policy, if nil set default
|
||||
// Opener-Policy
|
||||
if opt.CrossOriginOpenerPolicy == "" {
|
||||
w.Header().Add("Cross-Origin-Opener-Policy", string(OpenerSameOrigin))
|
||||
} else {
|
||||
w.Header().Add("Cross-Origin-Opener-Policy", string(opt.CrossOriginOpenerPolicy))
|
||||
}
|
||||
|
||||
// Cross-Origin-Resource-Policy, if nil set default
|
||||
// Resource-Policy
|
||||
if opt.CrossOriginResourcePolicy == "" {
|
||||
w.Header().Add("Cross-Origin-Resource-Policy", string(ResourceSameOrigin))
|
||||
} else {
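Review bot: With the Cross-Origin-Embedder-Policy block removed from the handler in the last hunk, nothing visible here emits that header any more, so a caller who sets `opt.CrossOriginEmbedderPolicy` (assuming the field is still on `HelmetOption`) would silently get no header. The constant comment added in the same commit, `// EmbedderDefault is default if no value supplied`, also names a constant that is not declared in these hunks and no longer matches the behaviour. If dropping the `require-corp` default is intended, the option should still be honoured when set, e.g. `if opt.CrossOriginEmbedderPolicy != "" { w.Header().Set("Cross-Origin-Embedder-Policy", string(opt.CrossOriginEmbedderPolicy)) }`, and the comment reworded to say the header is omitted when the field is empty. The remaining headers are written with `Header().Add`, which appends rather than replaces; `Set` would avoid duplicate policy headers when an earlier handler has already written one. The handler body continues outside the hunk, so the embedder header may still be set further down.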
|
||||
|