go-safeweb
go-safeweb copied to clipboard
google
Secure-by-default HTTP servers in Go.
For various reasons (e.g. experiments) it might be useful to wrap interceptors. The problem is that once an interceptor gets wrapped, it will not be matched to its configurations anymore....
Currently we only support one key for this plugin, which makes key rotation impossible without disrupting the service. We should instead accept a set of keys and emit tokens with...
We should provide a way to serve all HTML files in a directory as templates. This will allow interceptors to inject data and functions into templates without requiring the user...
Currently we implement the draft spec, but eventually we'll need to switch to the structured headers format. https://w3c.github.io/reporting/#header
Internally at Google we've adopted "restricted" APIs as the canonical way over alternatives ("banned", "unsafe", "unchecked"). A `grep` over "ban" in the repo should help with doing this. We also...
Example: ``` package tools type Fooer struct {} func (*Fooer) Foo() {} ``` 1. Would adding `tools.(*Fooer).Foo` to the banned API list ban calls like `f.Foo()`? 2. Do we want...
https://blog.golang.org/examples
We should provide some pre-baked configurations: 1) Basic, simple one: this is more of an example than a ready to use thing. The idea would be to showcase how a...