Further improve readability and maintainability of middleware/secure.go

Open suwakei opened this issue 6 months ago • 1 comments

Improved readability of HSTS header construction logic

Currently, the logic for constructing the value of the Strict-Transport-Security (HSTS) header is to nest fmt.Sprintf and concatenate the strings. I believe that rewriting this part by adding each directive (max-age, includeSubdomains, preload) to the slice and finally joining them with strings.Join will make the logic clearer and improve readability.

Add comment regarding X-XSS-Protection header

The X-XSS-Protection header is deprecated in many modern browsers, and the Content-Security-Policy (CSP) header is recommended. While this header is important for backward compatibility, I believe that supplementing this background with comments will help users of this middleware choose more appropriate security settings.

suwakei • Jul 04 '25 21:07
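The slice-and-join construction proposed above, as an added example that is not code from the echo repository or from the linked PR. `hstsOptions`, `hstsValue` and `setHSTS` are hypothetical names, and treating a non-positive max-age as "header disabled" is an assumption.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// hstsOptions is a hypothetical stand-in for the middleware's HSTS settings.
type hstsOptions struct {
	MaxAge            int  // seconds; <= 0 disables the header (assumption)
	ExcludeSubdomains bool // when false, includeSubDomains is emitted
	Preload           bool
}

// hstsValue collects the directives in a slice and joins them once,
// instead of nesting fmt.Sprintf calls. It returns "" when no header
// should be sent.
func hstsValue(o hstsOptions) string {
	if o.MaxAge <= 0 {
		return ""
	}
	directives := []string{fmt.Sprintf("max-age=%d", o.MaxAge)}
	if !o.ExcludeSubdomains {
		// RFC 6797 spelling; directive names are case-insensitive.
		directives = append(directives, "includeSubDomains")
	}
	if o.Preload {
		directives = append(directives, "preload")
	}
	return strings.Join(directives, "; ")
}

// setHSTS writes the header only for requests that arrived over HTTPS,
// either directly or through a proxy that sets X-Forwarded-Proto.
func setHSTS(h http.Header, r *http.Request, o hstsOptions) {
	secure := r.TLS != nil || r.Header.Get("X-Forwarded-Proto") == "https"
	if v := hstsValue(o); secure && v != "" {
		h.Set("Strict-Transport-Security", v)
	}
}

func main() {
	// Prints: max-age=31536000; includeSubDomains; preload
	fmt.Println(hstsValue(hstsOptions{MaxAge: 31536000, Preload: true}))
}
```

Each directive is added in exactly one place, so the separator handling cannot drift as directives are added or removed.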

Target PR: https://github.com/labstack/echo/pull/2800

suwakei • Jul 04 '25 22:07