diff --git a/README.md b/README.md
index 2cd62f8..16f4de2 100644
--- a/README.md
+++ b/README.md
@@ -2,4 +2,27 @@ Security middlewares for Gin (`gin-gonic/gin`) inspired by the popular `helmet` middleware package for Node JS `express` and `koa`.
 ___
-[![Coverage Status](https://coveralls.io/repos/github/danielkov/gin-helmet/badge.svg?branch=master)](https://coveralls.io/github/danielkov/gin-helmet?branch=master)
\ No newline at end of file
+[![Build Status](https://travis-ci.org/danielkov/gin-helmet.svg?branch=master)](https://travis-ci.org/danielkov/gin-helmet)
+[![Coverage Status](https://coveralls.io/repos/github/danielkov/gin-helmet/badge.svg?branch=master)](https://coveralls.io/github/danielkov/gin-helmet?branch=master)
+[![Go Report Card](https://goreportcard.com/badge/github.com/danielkov/gin-helmet)](https://goreportcard.com/report/github.com/danielkov/gin-helmet)
+[![godocs](https://img.shields.io/badge/godocs-reference-blue.svg)](https://godoc.org/github.com/danielkov/gin-helmet)
+[![MIT license](http://img.shields.io/badge/license-MIT-brightgreen.svg)](http://opensource.org/licenses/MIT)
+
+## Usage
+
+Add the `Default` middleware for basic security measures.
+
+```go
+s := gin.New()
+s.Use(helmet.Default())
+```
+
+You can also add each middleware separately:
+
+```go
+s.Use(helmet.NoCache())
+```
+
+Those not included in the `Default()` middleware are considered more advanced and require consideration before using.
+
+See the [godoc](https://godoc.org/github.com/danielkov/gin-helmet) for more info and examples.
\ No newline at end of file
diff --git a/helmet.go b/helmet.go
index d1afff4..996a7a4 100644
--- a/helmet.go
+++ b/helmet.go
@@ -100,16 +100,15 @@ func NoCache() gin.HandlerFunc {
 // The function accepts a map of its parameters which are appended to the header so you can control which headers should be set
 // The second parameter of the function is a boolean, which set to true will tell the handler to also set legacy headers, like
 // those that work in older versions of Chrome and Firefox.
-/* Example usage:
-```golang
-opts := map[string]string{
- "default-src": "'self'",
- "img-src": "*",
- "media-src": "media1.com media2.com",
- "script-src": "userscripts.example.com"
-}
-s.Use(helmet.ContentSecurityPolicy(opts, true))
-```
+/*
+Example usage:
+ opts := map[string]string{
+ "default-src": "'self'",
+ "img-src": "*",
+ "media-src": "media1.com media2.com",
+ "script-src": "userscripts.example.com"
+ }
+ s.Use(helmet.ContentSecurityPolicy(opts, true))
 See [Content Security Policy on MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) for more info.
 */
@@ -153,14 +152,10 @@ func ExpectCT(maxAge int, enforce bool, reportURI ...string) gin.HandlerFunc {
 /* Example usage:
-```golang
-opts := map[string]string{
- "pin-sha256": "cUPcTAZWKaASuYWhhneDttWpY3oBAkE3h2+soZS7sWs=",
- "pin-sha256": "M8HztCzM3elUxkcjR2S5P4hhyBNf6lHkmjAHKhpGPWE=",
- "max-age": "5184000",
-}
-s.Use(helmet.SetHPKP(opts))
-```
+ keys := []string{"cUPcTAZWKaASuYWhhneDttWpY3oBAkE3h2+soZS7sWs=", "M8HztCzM3elUxkcjR2S5P4hhyBNf6lHkmjAHKhpGPWE="}
+ r := gin.New()
+ r.Use(SetHPKP(keys, 5184000, true, "domain.com"))
+
 */
 func SetHPKP(keys []string, maxAge int, sub bool, reportURI ...string) gin.HandlerFunc {
 policy := ""
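Review bot: The last entry of the rewritten ContentSecurityPolicy example, `"script-src": "userscripts.example.com"`, still has no trailing comma before the closing `}`, so the snippet does not compile when copied. Go requires that comma in a multi-line composite literal; the line should read `"script-src": "userscripts.example.com",`. Since the example is now indented to read as code, it is also worth one sentence in the comment saying that `"img-src": "*"` is illustrative and that a real policy should list the sources it actually needs. The comment and the function it documents begin and end outside this hunk.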
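Review bot: The new SetHPKP example shows a 5184000-second pin with `sub` set to true and no word about the lock-out risk, and it passes `"domain.com"` where a report URI is expected. A pin that long cannot be withdrawn once a browser has cached it, so the doc comment should carry a sentence such as `Always pin a backup key and test with a small maxAge first; a wrong pin blocks clients until it expires.` Chrome and Firefox have since removed HPKP support, which is a further reason to mark the header as legacy in this comment. I would also write the call the way the ContentSecurityPolicy example does and give it a URL, e.g. `r.Use(helmet.SetHPKP(keys, 5184000, true, "https://example.com/hpkp-report"))` (the URL is a placeholder). The function body continues past the end of the hunk, so how `sub` and `reportURI` are used is inferred from their names.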