github.com/blend/go-sdk@v1.20220411.3/webutil/constants.go (about) 1 /* 2 3 Copyright (c) 2022 - Present. Blend Labs, Inc. All rights reserved 4 Use of this source code is governed by a MIT license that can be found in the LICENSE file. 5 6 */ 7 8 package webutil 9 10 import ( 11 "net/http" 12 "regexp" 13 ) 14 15 const ( 16 // TestURL can be used in tests for the URL passed to requests. 17 // 18 // The URL itself sets `https` as the scheme, `test.invalid` as the host, 19 // `/test` as the path, and `query=value` as the querystring. 20 // 21 // Note: .invalid is a special top level domain that will _never_ be assigned 22 // to a real registrant, it is always reserved for testing. 23 // See: https://www.iana.org/domains/reserved 24 TestURL = "https://test.invalid/test?query=value" 25 ) 26 27 // Logger flags 28 const ( 29 FlagHTTPRequest = "http.request" 30 ) 31 32 // HTTP Method constants (also referred to as 'verbs') 33 // 34 // They are aliases for the constants in net/http at this point. 35 const ( 36 MethodConnect = http.MethodConnect 37 MethodGet = http.MethodGet 38 MethodDelete = http.MethodDelete 39 MethodHead = http.MethodHead 40 MethodPatch = http.MethodPatch 41 MethodPost = http.MethodPost 42 MethodPut = http.MethodPut 43 MethodOptions = http.MethodOptions 44 ) 45 46 // Header names in canonical form. 47 var ( 48 HeaderAccept = http.CanonicalHeaderKey("Accept") 49 HeaderAcceptEncoding = http.CanonicalHeaderKey("Accept-Encoding") 50 HeaderAllow = http.CanonicalHeaderKey("Allow") 51 HeaderAuthorization = http.CanonicalHeaderKey("Authorization") 52 HeaderCacheControl = http.CanonicalHeaderKey("Cache-Control") 53 HeaderConnection = http.CanonicalHeaderKey("Connection") 54 HeaderContentEncoding = http.CanonicalHeaderKey("Content-Encoding") 55 HeaderContentLength = http.CanonicalHeaderKey("Content-Length") 56 HeaderContentType = http.CanonicalHeaderKey("Content-Type") 57 HeaderCookie = http.CanonicalHeaderKey("Cookie") 58 HeaderDate = http.CanonicalHeaderKey("Date") 59 HeaderETag = http.CanonicalHeaderKey("etag") 60 HeaderForwarded = http.CanonicalHeaderKey("Forwarded") 61 HeaderServer = http.CanonicalHeaderKey("Server") 62 HeaderSetCookie = http.CanonicalHeaderKey("Set-Cookie") 63 HeaderStrictTransportSecurity = http.CanonicalHeaderKey("Strict-Transport-Security") 64 HeaderUserAgent = http.CanonicalHeaderKey("User-Agent") 65 HeaderVary = http.CanonicalHeaderKey("Vary") 66 HeaderXContentTypeOptions = http.CanonicalHeaderKey("X-Content-Type-Options") 67 HeaderXForwardedFor = http.CanonicalHeaderKey("X-Forwarded-For") 68 HeaderXForwardedHost = http.CanonicalHeaderKey("X-Forwarded-Host") 69 HeaderXForwardedPort = http.CanonicalHeaderKey("X-Forwarded-Port") 70 HeaderXForwardedProto = http.CanonicalHeaderKey("X-Forwarded-Proto") 71 HeaderXForwardedScheme = http.CanonicalHeaderKey("X-Forwarded-Scheme") 72 HeaderXFrameOptions = http.CanonicalHeaderKey("X-Frame-Options") 73 HeaderXRealIP = http.CanonicalHeaderKey("X-Real-IP") 74 HeaderXServedBy = http.CanonicalHeaderKey("X-Served-By") 75 HeaderXXSSProtection = http.CanonicalHeaderKey("X-Xss-Protection") 76 ) 77 78 /* 79 SameSite prevents the browser from sending this cookie along with cross-site requests. 80 The main goal is mitigate the risk of cross-origin information leakage. 81 It also provides some protection against cross-site request forgery attacks. 82 Possible values for the flag are "lax", "strict" or "default". 83 */ 84 const ( 85 SameSiteStrict = "strict" 86 SameSiteLax = "lax" 87 SameSiteDefault = "default" 88 ) 89 90 var ( 91 // Allows for a sub-match of the first value after 'for=' to the next 92 // comma, semi-colon or space. The match is case-insensitive. 93 // forRegex = regexp.MustCompile(`(?i)(?:for=)([^(;|,| )]+)`) 94 95 // Allows for a sub-match for the first instance of scheme (http|https) 96 // prefixed by 'proto='. The match is case-insensitive. 97 protoRegex = regexp.MustCompile(`(?i)(?:proto=)(https|http)`) 98 ) 99 100 // Well known schemes 101 const ( 102 SchemeHTTP = "http" 103 SchemeHTTPS = "https" 104 SchemeSPDY = "spdy" 105 ) 106 107 // HSTS Cookie Fields 108 const ( 109 HSTSMaxAgeFormat = "max-age=%d" 110 HSTSIncludeSubDomains = "includeSubDomains" 111 HSTSPreload = "preload" 112 ) 113 114 // Connection header values. 115 const ( 116 // ConnectionKeepAlive is a value for the "Connection" header and 117 // indicates the server should keep the tcp connection open 118 // after the last byte of the response is sent. 119 ConnectionKeepAlive = "keep-alive" 120 ) 121 122 const ( 123 // ContentTypeApplicationJSON is a content type for JSON responses. 124 // We specify chartset=utf-8 so that clients know to use the UTF-8 string encoding. 125 ContentTypeApplicationJSON = "application/json; charset=utf-8" 126 127 // ContentTypeApplicationXML is a content type header value. 128 ContentTypeApplicationXML = "application/xml" 129 130 // ContentTypeApplicationFormEncoded is a content type header value. 131 ContentTypeApplicationFormEncoded = "application/x-www-form-urlencoded" 132 133 // ContentTypeApplicationOctetStream is a content type header value. 134 ContentTypeApplicationOctetStream = "application/octet-stream" 135 136 // ContentTypeHTML is a content type for html responses. 137 // We specify chartset=utf-8 so that clients know to use the UTF-8 string encoding. 138 ContentTypeHTML = "text/html; charset=utf-8" 139 140 //ContentTypeXML is a content type for XML responses. 141 // We specify chartset=utf-8 so that clients know to use the UTF-8 string encoding. 142 ContentTypeXML = "text/xml; charset=utf-8" 143 144 // ContentTypeText is a content type for text responses. 145 // We specify chartset=utf-8 so that clients know to use the UTF-8 string encoding. 146 ContentTypeText = "text/plain; charset=utf-8" 147 148 // ContentEncodingIdentity is the identity (uncompressed) content encoding. 149 ContentEncodingIdentity = "identity" 150 151 // ContentEncodingGZIP is the gzip (compressed) content encoding. 152 ContentEncodingGZIP = "gzip" 153 154 // ConnectionClose is the connection value of "close" 155 ConnectionClose = "close" 156 )