Helmet
The Helmet middleware helps secure your app by setting various HTTP headers.
Signature
func New(config ...Config) fiber.Handler
Example
package main

import (
	"github.com/gofiber/fiber/v2"
	"github.com/gofiber/fiber/v2/middleware/helmet"
)

func main() {
	app := fiber.New()

	app.Use(helmet.New())

	app.Get("/", func(c *fiber.Ctx) error {
		return c.SendString("Welcome!")
	})

	app.Listen(":3000")
}
Test
curl -I http://127.0.0.1:3000
Config
Property | Type | Description | Default |
---|---|---|---|
Next | func(*fiber.Ctx) bool | Next defines a function to skip this middleware. | nil |
XSSProtection | string | XSSProtection | "0" |
ContentTypeNosniff | string | ContentTypeNosniff | "nosniff" |
XFrameOptions | string | XFrameOptions | "SAMEORIGIN" |
HSTSMaxAge | int | HSTSMaxAge | 0 |
HSTSExcludeSubdomains | bool | HSTSExcludeSubdomains | false |
ContentSecurityPolicy | string | ContentSecurityPolicy | "" |
CSPReportOnly | bool | CSPReportOnly | false |
HSTSPreloadEnabled | bool | HSTSPreloadEnabled | false |
ReferrerPolicy | string | ReferrerPolicy | "no-referrer" |
PermissionPolicy | string | Permissions-Policy | "" |
CrossOriginEmbedderPolicy | string | Cross-Origin-Embedder-Policy | "require-corp" |
CrossOriginOpenerPolicy | string | Cross-Origin-Opener-Policy | "same-origin" |
CrossOriginResourcePolicy | string | Cross-Origin-Resource-Policy | "same-origin" |
OriginAgentCluster | string | Origin-Agent-Cluster | "?1" |
XDNSPrefetchControl | string | X-DNS-Prefetch-Control | "off" |
XDownloadOptions | string | X-Download-Options | "noopen" |
XPermittedCrossDomain | string | X-Permitted-Cross-Domain-Policies | "none" |
Default Config
var ConfigDefault = Config{
	XSSProtection:             "0",
	ContentTypeNosniff:        "nosniff",
	XFrameOptions:             "SAMEORIGIN",
	ReferrerPolicy:            "no-referrer",
	CrossOriginEmbedderPolicy: "require-corp",
	CrossOriginOpenerPolicy:   "same-origin",
	CrossOriginResourcePolicy: "same-origin",
	OriginAgentCluster:        "?1",
	XDNSPrefetchControl:       "off",
	XDownloadOptions:          "noopen",
	XPermittedCrossDomain:     "none",
}
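To confirm that a response actually carries the default values listed above, the following added example (not code from the original page or from the Fiber project) compares a set of response headers against ConfigDefault using only the Go standard library. `Finding` and `Audit` are hypothetical names, and the header names for the first four fields are the standard ones, assumed here because the table does not spell them out.

```go
package main

import (
	"fmt"
	"net/http"
	"sort"
)

// defaults maps each response header to its ConfigDefault value from this page.
var defaults = map[string]string{
	"X-XSS-Protection":                  "0",           // XSSProtection (assumed name)
	"X-Content-Type-Options":            "nosniff",     // ContentTypeNosniff (assumed name)
	"X-Frame-Options":                   "SAMEORIGIN",  // XFrameOptions (assumed name)
	"Referrer-Policy":                   "no-referrer", // ReferrerPolicy (assumed name)
	"Cross-Origin-Embedder-Policy":      "require-corp",
	"Cross-Origin-Opener-Policy":        "same-origin",
	"Cross-Origin-Resource-Policy":      "same-origin",
	"Origin-Agent-Cluster":              "?1",
	"X-DNS-Prefetch-Control":            "off",
	"X-Download-Options":                "noopen",
	"X-Permitted-Cross-Domain-Policies": "none",
}

type Finding struct{ Header, Want, Got string } // Got == "" means the header is missing

// Audit returns every header that deviates from the defaults, sorted by name.
func Audit(h http.Header) []Finding {
	var out []Finding
	for name, want := range defaults {
		if got := h.Get(name); got != want {
			out = append(out, Finding{name, want, got})
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Header < out[j].Header })
	return out
}

func main() {
	// Constructed sample response: the defaults with two deviations.
	h := http.Header{}
	for name, value := range defaults {
		h.Set(name, value)
	}
	h.Del("X-Frame-Options")
	h.Set("Referrer-Policy", "unsafe-url")
	for _, f := range Audit(h) {
		fmt.Printf("%s: want %q, got %q\n", f.Header, f.Want, f.Got)
	}
}
```

A deviation is not necessarily a defect: a header overridden on purpose through Config will also be reported, so review each finding against the configuration you intended.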