Documentation
Index
- func ContentSecurityPolicy(opt map[string]string, legacy bool) gin.HandlerFunc
- func DNSPrefetchControl() gin.HandlerFunc
- func Default() (gin.HandlerFunc, gin.HandlerFunc, gin.HandlerFunc, gin.HandlerFunc, ...)
- func ExpectCT(maxAge int, enforce bool, reportURI ...string) gin.HandlerFunc
- func FrameGuard(opt ...string) gin.HandlerFunc
- func IENoOpen() gin.HandlerFunc
- func NoCache() gin.HandlerFunc
- func NoSniff() gin.HandlerFunc
- func Referrer(opt ...string) gin.HandlerFunc
- func SetHPKP(keys []string, maxAge int, sub bool, reportURI ...string) gin.HandlerFunc
- func SetHSTS(sub bool, opt ...int) gin.HandlerFunc
- func XSSFilter() gin.HandlerFunc
Constants
This section is empty.
Variables
This section is empty.
Functions
func ContentSecurityPolicy
func ContentSecurityPolicy(opt map[string]string, legacy bool) gin.HandlerFunc
ContentSecurityPolicy sets a header that restricts the browser to loading assets for your website only from certain sources. The function accepts a map of the header's parameters, which are appended to the header, so you can control which directives are set. The second parameter is a boolean; when set to true, the handler also sets legacy headers, such as those that work in older versions of Chrome and Firefox.
Example usage:
    opts := map[string]string{
        "default-src": "'self'",
        "img-src":     "*",
        "media-src":   "media1.com media2.com",
        "script-src":  "userscripts.example.com",
    }
    s.Use(helmet.ContentSecurityPolicy(opts, true))
See [Content Security Policy on MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) for more info.
func DNSPrefetchControl
func DNSPrefetchControl() gin.HandlerFunc
DNSPrefetchControl sets the Prefetch Control header to prevent the browser from prefetching DNS.
func Default
func Default() (gin.HandlerFunc, gin.HandlerFunc, gin.HandlerFunc, gin.HandlerFunc, gin.HandlerFunc, gin.HandlerFunc)
Default returns a number of handlers that are recommended for basic HTTP(S) protection.
func ExpectCT
func ExpectCT(maxAge int, enforce bool, reportURI ...string) gin.HandlerFunc
ExpectCT sets the Certificate Transparency header, which can enforce that you're using a certificate that is ready for the upcoming Chrome requirements policy. The function accepts a maxAge int, which is the TTL for the policy in delta seconds; an enforce boolean, which simply adds an enforce directive to the policy (otherwise it's in report-only mode); and an optional reportURI, which is the URI to which report information is sent when the policy is violated.
func FrameGuard
func FrameGuard(opt ...string) gin.HandlerFunc
FrameGuard sets the Frame Options header to deny, which prevents content from the website from being served in an iframe.
func IENoOpen
func IENoOpen() gin.HandlerFunc
IENoOpen sets the Download Options header for Internet Explorer to prevent it from executing downloads in the site's context.
func NoCache
func NoCache() gin.HandlerFunc
NoCache obliterates cache options by setting a number of headers. This prevents the browser from storing your assets in cache.
func NoSniff
func NoSniff() gin.HandlerFunc
NoSniff applies a header to protect your server from MIME type sniffing.
func Referrer
func Referrer(opt ...string) gin.HandlerFunc
Referrer sets the Referrer Policy header to prevent the browser from sending data from your website to another one upon navigation. An optional string can be provided to set the policy to something other than "no-referrer".
func SetHPKP
SetHPKP sets HTTP Public Key Pinning for your server. It is not necessarily a great thing to set this without proper knowledge of what it does. [Read here](https://developer.mozilla.org/en-US/docs/Web/HTTP/Public_Key_Pinning) first; otherwise you may well end up DoS-ing your own server and domain. The function accepts a map of directives and their values according to specifications.
Example usage:
    keys := []string{
        "cUPcTAZWKaASuYWhhneDttWpY3oBAkE3h2+soZS7sWs=",
        "M8HztCzM3elUxkcjR2S5P4hhyBNf6lHkmjAHKhpGPWE=",
    }
    r := gin.New()
    r.Use(SetHPKP(keys, 5184000, true, "domain.com"))
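The self-inflicted DoS that the SetHPKP description warns about happens when no pin in the list matches a key the server actually serves. The check below is an added example, not part of this package: `spkiPin` and `checkPins` are hypothetical names, the key is generated in-process as sample input, and the backup-pin rule comes from RFC 7469 rather than from this page.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"errors"
	"fmt"
)

// spkiPin returns the RFC 7469 pin of a DER SubjectPublicKeyInfo: base64(SHA-256(SPKI)).
func spkiPin(spkiDER []byte) string {
	sum := sha256.Sum256(spkiDER)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// checkPins requires one pin that matches the served chain (else pinned browsers
// are locked out) and one backup pin outside it (RFC 7469 backup pin requirement).
func checkPins(chainSPKIs [][]byte, pins []string) error {
	served := map[string]bool{}
	for _, spki := range chainSPKIs { // for a certificate: cert.RawSubjectPublicKeyInfo
		served[spkiPin(spki)] = true
	}
	live, backup := false, false
	for _, p := range pins {
		live = live || served[p]
		backup = backup || !served[p]
	}
	if !live {
		return errors.New("no pin matches the served chain")
	}
	if !backup {
		return errors.New("no backup pin outside the served chain")
	}
	return nil
}

func main() {
	pub, _, err := ed25519.GenerateKey(rand.Reader) // constructed throwaway key
	if err != nil {
		panic(err)
	}
	spki, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		panic(err)
	}
	fmt.Println(checkPins([][]byte{spki}, []string{spkiPin(spki)})) // no backup pin
}
```

Run it against the SPKIs of the chain your server presents before passing the same pin list to SetHPKP; a non-nil error means the policy should not be deployed.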
func SetHSTS
func SetHSTS(sub bool, opt ...int) gin.HandlerFunc
SetHSTS sets the Strict Transport Security header to the default of 60 days. An optional integer may be added as a parameter to set the amount in seconds.
func XSSFilter
func XSSFilter() gin.HandlerFunc
XSSFilter applies very minimal XSS protection by turning the XSS Protection header on.
Types
This section is empty.