// Listing of github.com/gofiber/fiber/v2@v2.47.0/middleware/helmet/config.go

package helmet

import (
	"github.com/gofiber/fiber/v2"
)

// Config defines the config for middleware.
//
// The code that writes these values into response headers is not part of this
// file; header names mentioned below are taken from the field names and the
// original comments. Defaults listed here are the ones in ConfigDefault.
type Config struct {
	// Next defines a function to skip middleware.
	// Optional. Default: nil
	//
	// NOTE(review): presumably a request for which Next returns true gets none
	// of the headers configured here, so keep the predicate narrow (confirm
	// against the handler).
	Next func(*fiber.Ctx) bool

	// XSSProtection
	// Optional. Default value "0".
	//
	// "0" switches off the legacy browser XSS auditor; XSS mitigation should
	// come from ContentSecurityPolicy instead.
	XSSProtection string

	// ContentTypeNosniff
	// Optional. Default value "nosniff".
	ContentTypeNosniff string

	// XFrameOptions
	// Optional. Default value "SAMEORIGIN".
	// Possible values: "SAMEORIGIN", "DENY", "ALLOW-FROM uri"
	//
	// "ALLOW-FROM uri" is obsolete and ignored by current browsers; to allow
	// framing by specific origins use the frame-ancestors directive in
	// ContentSecurityPolicy.
	XFrameOptions string

	// HSTSMaxAge
	// Optional. Default value 0.
	//
	// configDefault never fills this in, so HSTS has to be configured
	// explicitly. Presumably the max-age in seconds (confirm against the
	// handler).
	HSTSMaxAge int

	// HSTSExcludeSubdomains
	// Optional. Default value false.
	HSTSExcludeSubdomains bool

	// ContentSecurityPolicy
	// Optional. Default value "".
	//
	// No policy is supplied by default; the application must provide its own.
	ContentSecurityPolicy string

	// CSPReportOnly
	// Optional. Default value false.
	//
	// NOTE(review): presumably selects the report-only variant of the CSP
	// header, which reports violations without blocking them (confirm).
	CSPReportOnly bool

	// HSTSPreloadEnabled
	// Optional. Default value false.
	HSTSPreloadEnabled bool

	// ReferrerPolicy
	// Optional. Default value "no-referrer".
	ReferrerPolicy string

	// Permissions-Policy
	// Optional. Default value "".
	PermissionPolicy string

	// Cross-Origin-Embedder-Policy
	// Optional. Default value "require-corp".
	CrossOriginEmbedderPolicy string

	// Cross-Origin-Opener-Policy
	// Optional. Default value "same-origin".
	CrossOriginOpenerPolicy string

	// Cross-Origin-Resource-Policy
	// Optional. Default value "same-origin".
	CrossOriginResourcePolicy string

	// Origin-Agent-Cluster
	// Optional. Default value "?1".
	OriginAgentCluster string

	// X-DNS-Prefetch-Control
	// Optional. Default value "off".
	XDNSPrefetchControl string

	// X-Download-Options
	// Optional. Default value "noopen".
	XDownloadOptions string

	// X-Permitted-Cross-Domain-Policies
	// Optional. Default value "none".
	XPermittedCrossDomain string
}

// ConfigDefault is the default config.
//
// It is an exported, mutable package variable that configDefault reads on
// every call, so changing it at runtime changes the defaults for every later
// call; treat it as read-only. HSTSMaxAge, ContentSecurityPolicy and
// PermissionPolicy are left at their zero values.
var ConfigDefault = Config{
	XSSProtection:             "0",
	ContentTypeNosniff:        "nosniff",
	XFrameOptions:             "SAMEORIGIN",
	ReferrerPolicy:            "no-referrer",
	CrossOriginEmbedderPolicy: "require-corp",
	CrossOriginOpenerPolicy:   "same-origin",
	CrossOriginResourcePolicy: "same-origin",
	OriginAgentCluster:        "?1",
	XDNSPrefetchControl:       "off",
	XDownloadOptions:          "noopen",
	XPermittedCrossDomain:     "none",
}

// configDefault returns the effective configuration.
//
// With no argument it returns a copy of ConfigDefault. Otherwise it takes the
// first Config (any further arguments are ignored) and replaces each empty
// string field that has a default with the value from ConfigDefault. Because
// "" always means "use the default" here, a caller cannot clear one of those
// fields by passing an empty string. Next, the HSTS fields,
// ContentSecurityPolicy, CSPReportOnly and PermissionPolicy are passed
// through exactly as given.
func configDefault(config ...Config) Config {
	if len(config) == 0 {
		return ConfigDefault
	}

	cfg := config[0]

	// Each entry pairs a string field of the caller's config with the default
	// to use when the caller left that field empty.
	fallbacks := []struct {
		field *string
		value string
	}{
		{&cfg.XSSProtection, ConfigDefault.XSSProtection},
		{&cfg.ContentTypeNosniff, ConfigDefault.ContentTypeNosniff},
		{&cfg.XFrameOptions, ConfigDefault.XFrameOptions},
		{&cfg.ReferrerPolicy, ConfigDefault.ReferrerPolicy},
		{&cfg.CrossOriginEmbedderPolicy, ConfigDefault.CrossOriginEmbedderPolicy},
		{&cfg.CrossOriginOpenerPolicy, ConfigDefault.CrossOriginOpenerPolicy},
		{&cfg.CrossOriginResourcePolicy, ConfigDefault.CrossOriginResourcePolicy},
		{&cfg.OriginAgentCluster, ConfigDefault.OriginAgentCluster},
		{&cfg.XDNSPrefetchControl, ConfigDefault.XDNSPrefetchControl},
		{&cfg.XDownloadOptions, ConfigDefault.XDownloadOptions},
		{&cfg.XPermittedCrossDomain, ConfigDefault.XPermittedCrossDomain},
	}
	for _, fb := range fallbacks {
		if *fb.field == "" {
			*fb.field = fb.value
		}
	}

	return cfg
}