go-safeweb
Secure-by-default HTTP servers in Go.
Create the ability to add conformance checks that run after the mux has been set up. These would be able to: - list all the plugins registered for each handler,...
# Problem Some plugins need to cooperate. For instance: `framing` plugin needs to cooperate with a `csp` plugin, `cors` would usually disable `xsrf`. # Proposed solution To avoid the extra...
When fixing #57 I removed the use of `ServeMux` in all the tests in `form_test.go`, making them unit tests. But there should also be some integration tests that test the...
Currently, in order to avoid cloning a template every time we inject a XSRF token or a CSP nonce, we extended the safehttp.TemplateResponse with a `FuncMap` field. This contains the...
The CI is broken in a subtle way. Imagine the following timeline:
```
1. Create new branch 'A' based on 'master'.
2. Work on branch 'A'.
3. Submit PR from...
```
## Expected Behavior The collector plugin should pass the IncomingRequest or at least the `context.Context` to the report handlers. For example, if I want to log the report I need...
We'd eventually like to update the language version, and when we do we should advance to a version that has generics. We should then assess places that could be improved...
All builtin plugin packages should have exemptions in separate ones to ease bancheck or similar tools integrations. I did this in #341 for csp, fetchmetadata and framing by creating the...
The CSP plugin currently supports report-uri, but not [report-to](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/report-to).