Helmet

HTTP security headers middleware for Go(lang) inspired by HelmetJS.

Helmet helps you secure your Golang web applications by setting various HTTP security headers. It's not a silver bullet, but it can help!

Project is under active maintenance, even if there are no recent commits! Please submit an issue / bug request if the library needs updating for any reason!

Quick Start

You can see more in the documentation.

go get github.com/goddtriffin/helmet

package main

import (
	"fmt"
	"log"
	"net/http"

	"github.com/goddtriffin/helmet"
)

func main() {
	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "I love HelmetJS, I just wish there was a Go(lang) equivalent...")
	})

	helmet := helmet.Default()
	http.Handle("/", helmet.Secure(handler))

	log.Fatal(http.ListenAndServe(":8080", nil))
}

This code sample can be found in /examples/01-quick-start/.

How It Works

Helmet is a collection of 12 smaller middleware functions that set HTTP security response headers. Initializing via helmet.Default() will not include all of these middleware functions by default.

| Module | Default |
| --- | --- |
| Content-Security-Policy | |
| X-Content-Type-Options | nosniff |
| X-DNS-Prefetch-Control | off |
| X-Download-Options | noopen |
| Expect-CT | |
| Feature-Policy | |
| X-Frame-Options | SAMEORIGIN |
| X-Permitted-Cross-Domain-Policies | |
| X-Powered-By | Removes the X-Powered-By header |
| Referrer-Policy | |
| Strict-Transport-Security | max-age=5184000; includeSubDomains (60 days) |
| X-XSS-Protection | 1; mode=block |
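
The defaults in the table can be turned into a regression check on what a handler actually sends. The following is an added example, not code from Helmet or this README: `auditHeaders`, `standIn`, `plainApp` and `leakyApp` are hypothetical names, and `standIn` is a constructed substitute for the library so the program runs with the standard library alone.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// expected mirrors the non-empty "Default" cells of the README table.
var expected = [][2]string{
	{"X-Content-Type-Options", "nosniff"},
	{"X-DNS-Prefetch-Control", "off"},
	{"X-Download-Options", "noopen"},
	{"X-Frame-Options", "SAMEORIGIN"},
	{"Strict-Transport-Security", "max-age=5184000; includeSubDomains"},
	{"X-XSS-Protection", "1; mode=block"},
}

// auditHeaders (hypothetical helper) sends one GET through h and lists deviations.
func auditHeaders(h http.Handler) (findings []string) {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, "/", nil))
	got := rec.Result().Header // headers as they would reach the client
	for _, e := range expected {
		if v := got.Get(e[0]); v != e[1] {
			findings = append(findings, fmt.Sprintf("%s: got %q, want %q", e[0], v, e[1]))
		}
	}
	if v := got.Get("X-Powered-By"); v != "" {
		findings = append(findings, fmt.Sprintf("X-Powered-By: still present (%q)", v))
	}
	return findings
}

// standIn (constructed, not Helmet's code) sets the defaults, then calls next.
func standIn(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		for _, e := range expected {
			w.Header().Set(e[0], e[1])
		}
		next.ServeHTTP(w, r)
	})
}
// Constructed sample handlers: one sets nothing, one advertises its stack.
var plainApp = http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { fmt.Fprintln(w, "ok") })
var leakyApp = http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.Header().Set("X-Powered-By", "constructed") })

func main() {
	fmt.Println(auditHeaders(plainApp), auditHeaders(standIn(plainApp)), auditHeaders(standIn(leakyApp)))
}
```

To audit the real middleware, pass `helmet.Default().Secure(handler)` to `auditHeaders` in place of `standIn(...)`.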

Credits

Made with 🤬 and 🥲 by Todd Everett Griffin

Helmet is open source under the MIT License.

Gopher image by Renee French, licensed under CC 3.0 license.

Helmet icon by Hand-Drawn Goods, licensed under CC 3.0 license.

Gopher + Helmet remix by Emily Wilson, licensed under CC 3.0 license.