github.com/google/go-safeweb@v0.0.0-20231219055052-64d8cfc90fbb/safehttp/plugins/csp/internalunsafecsp/unsafestrictcsp/unsafestrictcsp.go

github.com/google/go-safeweb@v0.0.0-20231219055052-64d8cfc90fbb/safehttp/plugins/csp/internalunsafecsp/unsafestrictcsp/unsafestrictcsp.go (about)

     1  // Copyright 2022 Google LLC
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //	https://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  // Package unsafestrictcsp can be used to disable Strict CSP protections on specific handler registration.
    16  //
    17  // Usage of this package should require a security review.
    18  package unsafestrictcsp
    19  
    20  import "github.com/google/go-safeweb/safehttp/plugins/csp/internalunsafecsp"
    21  
    22  // Disable switches Strict CSP to report-only.
    23  // If skipReports is true, it will completely disable it.
    24  func Disable(reason string, skipReports bool) internalunsafecsp.DisableStrict {
    25  	if reason == "" {
    26  		panic("reason cannot be empty")
    27  	}
    28  	return internalunsafecsp.DisableStrict{SkipReports: skipReports}
    29  }