Documentation
¶
Overview ¶
Package hsts provides a HTTP Strict Transport Security middleware implementation.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Handler ¶
Handler provides an HTTP Strict Transport Security (HSTS) implementation. When enabled this handler will redirect any HTTP request to its HTTPS representation while adding the required HSTS headers.
Based on the original implementation: https://github.com/a-h/hsts
Types ¶
type Options ¶
type Options struct {
// MaxAge sets the duration (in hours) that the HSTS is valid for.
MaxAge uint `json:"max_age" yaml:"max_age" mapstructure:"max_age"`
// HostOverride provides a host to the redirection URL in the case that
// the system is behind a load balancer which doesn't provide the
// X-Forwarded-Host HTTP header (e.g. an Amazon ELB).
HostOverride string `json:"host_override" yaml:"host_override" mapstructure:"host_override"`
// Decides whether to accept the X-Forwarded-Proto header as proof of SSL.
AcceptXForwardedProtoHeader bool `json:"accept_forwarded_proto" yaml:"accept_forwarded_proto" mapstructure:"accept_forwarded_proto"`
// SendPreloadDirective sets whether the preload directive should be set.
// The directive allows browsers to confirm that the site should be added
// to a preload list. https://hstspreload.org/
SendPreloadDirective bool `json:"send_preload_directive" yaml:"send_preload_directive" mapstructure:"send_preload_directive"`
// Whether to apply the HSTS policy to subdomains as well.
IncludeSubdomains bool `json:"include_subdomains" yaml:"include_subdomains" mapstructure:"include_subdomains"`
}
Options available when enabling HSTS. nolint: lll
func DefaultOptions ¶
func DefaultOptions() Options
DefaultOptions return a sane default configuration to enable a HSTS policy.
Source Files
Click to show internal directories.
Click to hide internal directories.