github.com/google/go-safeweb@v0.0.0-20231219055052-64d8cfc90fbb/safehttp/plugins/framing/internalunsafeframing/internalunsafeframing.go

github.com/google/go-safeweb@v0.0.0-20231219055052-64d8cfc90fbb/safehttp/plugins/framing/internalunsafeframing/internalunsafeframing.go (about)

     1  // Copyright 2022 Google LLC
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //	https://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  // Package internalunsafeframing is used internally to override Framing protections.
    16  package internalunsafeframing
    17  
    18  // Disable turns framing protection to report-only where possible.
    19  type Disable struct {
    20  	// SkipReports completely disables framing protectcion.
    21  	SkipReports bool
    22  }
    23  
    24  // AllowList selectively allows framing.
    25  //
    26  // Please note that on older browsers this is equivalent to Disable.
    27  type AllowList struct {
    28  	// ReportOnly sets the policy to Report-Only instead of enforcing.
    29  	ReportOnly bool
    30  	// Hostnames is a list of origins (with potential wildcards) that will be able to frame the site.
    31  	// Wildcards must follow the CSP specification:
    32  	// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors.
    33  	Hostnames []string
    34  }