Further improve readability and maintainability of middleware/secure.go

Open suwakei opened this issue 6 months ago • 3 comments

Improved readability of HSTS header construction logic

Currently, the logic for constructing the value of the Strict-Transport-Security (HSTS) header is to nest fmt.Sprintf and concatenate the strings. I believe that rewriting this part by adding each directive (max-age, includeSubdomains, preload) to the slice and finally joining them with strings.Join will make the logic clearer and improve readability.

Add comment regarding X-XSS-Protection header

The X-XSS-Protection header is deprecated in many modern browsers, and the Content-Security-Policy (CSP) header is recommended. While this header is important for backward compatibility, I believe that supplementing this background with comments will help users of this middleware choose more appropriate security settings.

suwakei avatar Jul 04 '25 21:07 suwakei
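
The refactor proposed in the issue above, as an added example that is not echo's own code: one builder nests `fmt.Sprintf`, the other appends each directive to a slice and joins once, and both must emit the same header value. The `hstsConfig` type, its field names and both function names are hypothetical.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// hstsConfig holds the three HSTS options named in the issue (hypothetical names).
type hstsConfig struct {
	MaxAge            int
	ExcludeSubdomains bool
	Preload           bool
}

// hstsNested builds the value by nesting fmt.Sprintf and concatenating suffixes.
func hstsNested(c hstsConfig) string {
	suffix := ""
	if !c.ExcludeSubdomains {
		suffix = "; includeSubdomains"
	}
	if c.Preload {
		suffix = fmt.Sprintf("%s; preload", suffix)
	}
	return fmt.Sprintf("max-age=%d%s", c.MaxAge, suffix)
}

// hstsJoined collects one directive per slice element and joins them once,
// so the "; " separator lives in a single place.
func hstsJoined(c hstsConfig) string {
	directives := []string{"max-age=" + strconv.Itoa(c.MaxAge)}
	if !c.ExcludeSubdomains {
		directives = append(directives, "includeSubdomains")
	}
	if c.Preload {
		directives = append(directives, "preload")
	}
	return strings.Join(directives, "; ")
}

func main() {
	// Constructed sample configurations covering every flag combination.
	for _, c := range []hstsConfig{
		{31536000, false, false}, {31536000, false, true},
		{31536000, true, false}, {31536000, true, true},
	} {
		fmt.Printf("%q same=%v\n", hstsJoined(c), hstsJoined(c) == hstsNested(c))
	}
}
```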

Target Issue: https://github.com/labstack/echo/issues/2799

suwakei avatar Jul 04 '25 22:07 suwakei

Hi! Just following up to see if there's anything I can improve in this PR 🙇

suwakei avatar Jul 16 '25 04:07 suwakei

Hi maintainers 👋 Just following up on this PR — happy to make any changes if needed. Please let me know if there's anything blocking review. Thanks!

suwakei avatar Jul 29 '25 16:07 suwakei