Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/gin-contrib/secure

Last synced: about 2 months ago
JSON representation

Host: GitHub
URL: https://github.com/gin-contrib/secure
Owner: gin-contrib
License: mit
Created: 2015-11-09T12:30:56.000Z (about 9 years ago)
Default Branch: master
Last Pushed: 2024-05-05T02:12:29.000Z (8 months ago)
Last Synced: 2024-05-05T03:19:42.210Z (8 months ago)
Language: Go
Size: 72.3 KB
Stars: 121
Watchers: 11
Forks: 10
Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-gin - gin-contrib/secure

README

        # Secure

[![Run Tests](https://github.com/gin-contrib/secure/actions/workflows/go.yml/badge.svg?branch=master)](https://github.com/gin-contrib/secure/actions/workflows/go.yml)

[![codecov](https://codecov.io/gh/gin-contrib/secure/branch/master/graph/badge.svg)](https://codecov.io/gh/gin-contrib/secure)

[![Go Report Card](https://goreportcard.com/badge/github.com/gin-contrib/secure)](https://goreportcard.com/report/github.com/gin-contrib/secure)

[![GoDoc](https://godoc.org/github.com/gin-contrib/secure?status.svg)](https://godoc.org/github.com/gin-contrib/secure)

Secure middleware for [Gin](https://github.com/gin-gonic/gin/) framework.

## Example

See the [example1](example/code1/example.go), [example2](example/code2/example.go).

DefaultConfig returns a Configuration with strict security settings

[embedmd]:# (secure.go go /func DefaultConfig/ /^}$/)

```go

func DefaultConfig() Config {

	return Config{

		SSLRedirect:           true,

		IsDevelopment:         false,

		STSSeconds:            315360000,

		STSIncludeSubdomains:  true,

		FrameDeny:             true,

		ContentTypeNosniff:    true,

		BrowserXssFilter:      true,

		ContentSecurityPolicy: "default-src 'self'",

		IENoOpen:              true,

		SSLProxyHeaders:       map[string]string{"X-Forwarded-Proto": "https"},

	}

}

```

[embedmd]:# (example/code1/example.go go)

```go

package main

import (

	"log"

	"github.com/gin-contrib/secure"

	"github.com/gin-gonic/gin"

)

func main() {

	router := gin.Default()

	router.Use(secure.New(secure.Config{

		AllowedHosts:          []string{"example.com", "ssl.example.com"},

		SSLRedirect:           true,

		SSLHost:               "ssl.example.com",

		STSSeconds:            315360000,

		STSIncludeSubdomains:  true,

		FrameDeny:             true,

		ContentTypeNosniff:    true,

		BrowserXssFilter:      true,

		ContentSecurityPolicy: "default-src 'self'",

		IENoOpen:              true,

		ReferrerPolicy:        "strict-origin-when-cross-origin",

		SSLProxyHeaders:       map[string]string{"X-Forwarded-Proto": "https"},

	}))

	router.GET("/ping", func(c *gin.Context) {

		c.String(200, "pong")

	})

	// Listen and Server in 0.0.0.0:8080

	if err := router.Run(); err != nil {

		log.Fatal(err)

	}

}

```