Helmet
Helmet 미들웨어는 다양한 HTTP 헤더 설정을 통해 애플리케이션 보안을 강화하는 데 도움이 됩니다.
Signatures
func New(config ...Config) fiber.HandlerExamples
package main
import (
"github.com/gofiber/fiber/v2"
"github.com/gofiber/fiber/v2/middleware/helmet"
)
func main() {
app := fiber.New()
app.Use(helmet.New())
app.Get("/", func(c *fiber.Ctx) error {
return c.SendString("Welcome!")
})
app.Listen(":3000")
}Test:
curl -I http://localhost:3000Config
Next
func(*fiber.Ctx) bool
미들웨어를 건너뛰는 함수를 정의합니다.
nil
XSSProtection
string
XSS 보호
"0"
ContentTypeNosniff
string
ContentTypeNosniff
"nosniff"
XFrameOptions
string
XFrameOptions
"SAMEORIGIN"
HSTSMaxAge
int
HSTSMaxAge
0
HSTSExcludeSubdomains
bool
HSTSExcludeSubdomains
false
ContentSecurityPolicy
string
ContentSecurityPolicy
""
CSPReportOnly
bool
CSPReportOnly
false
HSTSPreloadEnabled
bool
HSTSPreloadEnabled
false
ReferrerPolicy
string
ReferrerPolicy
"ReferrerPolicy"
PermissionPolicy
string
Permissions-Policy
""
CrossOriginEmbedderPolicy
string
Cross-Origin-Embedder-Policy
"require-corp"
CrossOriginOpenerPolicy
string
Cross-Origin-Opener-Policy
"same-origin"
CrossOriginResourcePolicy
string
Cross-Origin-Resource-Policy
"same-origin"
OriginAgentCluster
string
Origin-Agent-Cluster
"?1"
XDNSPrefetchControl
string
X-DNS-Prefetch-Control
"off"
XDownloadOptions
string
X-Download-Options
"noopen"
XPermittedCrossDomain
string
X-Permitted-Cross-Domain-Policies
"none"
Default Config
var ConfigDefault = Config{
XSSProtection: "0",
ContentTypeNosniff: "nosniff",
XFrameOptions: "SAMEORIGIN",
ReferrerPolicy: "no-referrer",
CrossOriginEmbedderPolicy: "require-corp",
CrossOriginOpenerPolicy: "same-origin",
CrossOriginResourcePolicy: "same-origin",
OriginAgentCluster: "?1",
XDNSPrefetchControl: "off",
XDownloadOptions: "noopen",
XPermittedCrossDomain: "none",
}Last updated