Cory Jacobsen
Cory Jacobsen
How do you see this working? Would using the same HTML template but not escape the output (and change the header)?
There are a bunch of Access-Control-* headers we could add... what is we did the same concept as #73 and create a helper to generate the output... something like: ```go...
Hey @emarais-godaddy, this hasn't been implemented yet. I still like the idea but haven't had the time to work on it. Would love some help if you (or anyone else)...
I'm going to close this as I'm not sure such a feature belongs in this package.
I think that would be a good idea. For backswards compatibility, I wonder if we can do something like: ```go cspOptions := secure.ContentSecurityPolicyOptions{ DefaultSrc: ["self"], ScriptSrc: ["self", "www.google-analytics.com"] } secure.Options{...
> I guess this is still available? If so, I would like to help 🙂 No one is currently working on this, so any help would be greatly appreciated!
Resolved by https://github.com/unrolled/secure/pull/86
The practical thinking behind `SSLProxyHeaders` is that you would only add headers that you **know** will be provided by your load balancer or proxy. If you are not using either...
Hey! I think I might be missing something here... I just checked the code and it is properly cased: https://github.com/martini-contrib/secure/blob/master/secure.go#L41 Are you seeing this in the code or the output?
Alright, I dug into this a bit more and heres what I found out. Go canonicalizes the header keys automatically for us (whether we like it or not): https://golang.org/src/net/http/header.go#L166 ```...